7 matches found
EUVD-2007-5945
Malware in sbrugna...
Sql injection
SQL injection vulnerability in index.php in TBSource, as used in 1 TBDev and 2 TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-5975
SQL injection vulnerability in index.php in TBSource, as used in 1 TBDev and 2 TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-5975
CVE-2007-5975 affects TBSource’s index.php as used in TBDev and TorrentStrike 0.4. The vulnerability is a SQL injection in the choice parameter, exploitable by remote authenticated users to execute arbitrary SQL commands. The NVD entry lists a CVSS v2 base score of 6.5 (Medium) with network acces...
CVE-2007-5975
SQL injection vulnerability in index.php in TBSource, as used in 1 TBDev and 2 TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information...
TBsource Index.PHP SQL注入漏洞
TBsource是一款基于PHP的WEB应用程序。 TBsource不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击,可获得敏感信息或操作数据库。 问题是由于'Index.PHP'脚本对用户提交的'choice'参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或可能操作数据库。 TBsource 7alpha.1.01 目前没有详细解决方案提供: http://sourceforge.net/project/showfiles.php?groupid=153513...
SQL injection bug found in TBSource.
A vulnerability found in the popular bittorrent tracker TBSource code allows an attacker to inject SQL queries and read secret information from the database. The value of 'choice' passed to the script index.php is not properly sanitized. When a special tailored value is passed by an attacker, ful...