9 matches found
EUVD-2019-6171
Malware in sbrugna...
EUVD-2006-2066
Malware in sbrugna...
CVE-2019-15095
DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter...
Cross-site scripting
DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter...
SQL injection
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID...
SQL injection
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the...
CVE-2006-2065
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the...
CVE-2006-2065
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the...
PHPSurveyor 0.995 - 'surveyid' Remote Command Execution
#!/usr/bin/php -q -d short_open_tag=on works regardless of magic_quotes_gpc settings \r\n"; echo " with at least one row in 'surveys' table \r\n"; echo " and if we succeed to include logs \r\n"; echo "\r\n"; if ($argc<4) { echo "Usage: php ".$argv[0]." host path cmd OPTIONS\r\n"; echo "host: target server...