8 matches found
EUVD-2008-0395
Malware in sbrugna...
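Urulu connectionId Parameter Blind SQL Injection Vulnerability
BUGTRAQ ID: 28032 CVE(CAN) ID: CVE-2008-0385 Urulu is a content management system written in PHP, JavaScript and XSL. Urulu has an input validation vulnerability when handling user requests, which a remote attacker may exploit to obtain sensitive information. If a POST request with a malformed connectionId parameter is submitted to either of the following URIs: /index.php/statprt/js/request /index.php/dyn/js/request a SQL injection attack may be carried out, disclosing sensitive information such as account passwords; if the Urulu database user has the FILE privilege, it may also be possible, through MySQL's INTO...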
SQL injection
SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO...
CVE-2008-0385
SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO...
CVE-2008-0385
Urulu 2.1 contains a SQL injection in the connectionId parameter of index.php via PATH_INFO (statprt/js/request or dyn/js/request). The vulnerability allows remote attackers to extract data from the database, with potential for arbitrary code execution if the database user has FILE privileges (e....
CVE-2008-0385
SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO...
Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385)
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: Urulu Vendor: USystems Subject: Blind SQL Injection Vulnerability Risk: High Author: Daniel Roethlisberger Date: 2008-02-25 CVE Name: CVE-2008-0385 Introduction ------------ An AJAX based Blind SQL Injection vulnerability exists in the Web 2....
Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385)
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: Urulu Vendor: USystems Subject: Blind SQL Injection Vulnerability Risk: High Author: Daniel Roethlisberger Date: 2008-02-25 CVE Name: CVE-2008-0385 Introduction ------------ An AJAX based Blind SQL Injection vulnerability exists in the Web 2....