EUVD-2007-0228

Malware in sbrugna...

uniForum <= 4 - (wbsearch.aspx) Remote SQL Injection Vulnerability

No description provided by source. Title : uniForum = v4 wbsearch.aspx Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : ... Vendor : http://uniforum.biz/ $$ : $99 SQL--------------------------------------------------------- http://target/path//wbsearch.aspx POST Method SQL...

uniforum4-sql.txt

Title : uniForum wbsearch.aspx Before, see "by User", it write ';update admin set Password='000245'-- Login Admin:http://www.xxx.com/path/wbadmlog.aspx Username: Administrator Password: 000245 /SQL """"""""""""""""""""" ajann,Turkey ... Im not Hacker!...

uniForum &lt;= v4 &#40;wbsearch.aspx&#41; Remote SQL Injection Vulnerability

Title : uniForum = v4 wbsearch.aspx Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : ... Vendor : http://uniforum.biz/ $$ : $99 SQL--------------------------------------------------------- http://target/path//wbsearch.aspx POST Method SQL Example: //Fin the -wbsearch.aspx...

Sql injection

SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field aka the TXbyuser parameter...

CVE-2007-0226

SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field aka the TXbyuser parameter...

CVE-2007-0226

CVE-2007-0226 describes an SQL injection vulnerability in wbsearch.aspx for uniForum 4 and earlier, where the TXbyuser parameter (by User) can lead to arbitrary SQL execution by remote attackers. The issue arises from improper handling of user-supplied input in the SQL query, enabling confidentia...

CVE-2007-0226

SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field aka the TXbyuser parameter...

uniForum &lt;= v4 &#40;wbsearch.aspx&#41; Remote SQL Injection Vulnerability

Title : uniForum = v4 wbsearch.aspx Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : ... Vendor : http://uniforum.biz/ $$ : $99 SQL--------------------------------------------------------- http://target/path//wbsearch.aspx POST Method SQL Example: //Fin the -wbsearch.aspx...

uniForum 4 - &#039;wbsearch.aspx&#039; SQL Injection

Title : uniForum wbsearch.aspx Before, see "by User", it write ';update admin set Password='000245'-- Login Admin:http://www.xxx.com/path/wbadmlog.aspx Username: Administrator Password: 000245 /SQL """"""""""""""""""""" ajann,Turkey ... Im not Hacker! milw0rm.com 2007-01-09...

uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================================= uniForum wbsearch.aspx Before, see "by User", it write ';update admin set Password='000245'-- Login Admin:http://www.xxx.com/path/wbadmlog.aspx Username: Administrator...

uniForum &lt;= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability

No description provided by source. Title : uniForum = v4 wbsearch.aspx Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : ... Vendor : http://uniforum.biz/ $$ : $99 SQL--------------------------------------------------------- http://target/path//wbsearch.aspx POST Method SQL...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in wbadmlog.aspx in uniForum 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 txtuser or 2 txtpassword parameters...

CVE-2006-1406

CVE-2006-1406 describes cross-site scripting (XSS) vulnerabilities in uniForum 4.0 and earlier, exploitable via the parameters txtuser or txtpassword in wbadmlog.aspx. The NVD entry notes remote injection of arbitrary script/HTML; no exploit details are provided in the connected documents. No rem...

CVE-2006-1406

Multiple cross-site scripting XSS vulnerabilities in wbadmlog.aspx in uniForum 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 txtuser or 2 txtpassword parameters...

[SA19397] uniForum &quot;websecadmin.aspx&quot; Cross-Site Scripting

TITLE: uniForum "websecadmin.aspx" Cross-Site Scripting SECUNIA ADVISORY ID: SA19397 VERIFY ADVISORY: http://secunia.com/advisories/19397/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: uniForum 4.x http://secunia.com/product/8960/ DESCRIPTION: r0t has reported ...