15 matches found
EUVD-2007-5407
Malware in sbrugna...
EUVD-2007-5406
Malware in sbrugna...
Scott Manktelow Design Stride 1.0 Content Management System Main.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26041/info Scott Manktelow Design Stride 1.0 Content Management System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting th...
Scott Manktelow Design Stride 1.0 Merchant Shop.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26046/info Scott Manktelow Design Stride 1.0 Merchant is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
SQL injection
Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter t...
Code injection
include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code...
CVE-2007-5430
Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter t...
Default credentials
Stride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php...
CVE-2007-5431
include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code...
CVE-2007-5430
Stride 1.0 contains multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via (1) main.php p parameter, (2) shop.php id parameter, or (3) detail.php course or (4) provider parameter. Root cause appears to be improper input handling in the affected PH...
CVE-2007-5432
CVE-2007-5432 refers to a vulnerability in Stride 1.0 where a default administrator account uses username "scott" and password "running". According to the provided documents, remote attackers could obtain administrative access via login.php. The core issue is the use of a hardcoded default creden...
CVE-2007-5430
Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter t...
CVE-2007-5431
The CVE-2007-5431 entry affects Stride 1.0’s MyFTPUploader module, specifically the include/imageupload.js component. The root cause is that sensitive FTP login credentials are present in the source code, which could allow remote attackers to gain unauthorized access to the FTP server used by the...
CVE-2007-5432
Stride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php...
Scott Manktelow Design Stride 1.0 - 'Content Management System main.php' SQL Injection
source: https://www.securityfocus.com/bid/26041/info Scott Manktelow Design Stride 1.0 Content Management System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker t...