16 matches found
CVE-2006-3487
VirtuaStore 2.0 stores sensitive files under the web root with insufficient access control, which allows remote attackers to obtain local database information by directly accessing database/virtuastore.mdb...
EUVD-2006-3483
Malware in sbrugna...
EUVD-2006-3398
Malware in sbrugna...
CVE-2006-3488
Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in the Pasta parameter when link=util, acao=ftp, and acaba=sim...
VirtuaStore 2.0 Password Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18790/info VirtuaStore is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the...
CVE-2006-3488
Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in the Pasta parameter when link=util, acao=ftp, and acaba=sim...
CVE-2006-3487
VirtuaStore 2.0 stores sensitive files under the web root with insufficient access control, which allows remote attackers to obtain local database information by directly accessing database/virtuastore.mdb...
CVE-2006-3488
Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in the Pasta parameter when link=util, acao=ftp, and acaba=sim...
CVE-2006-3487
Summary: CVE-2006-3487 affects VirtuaStore 2.0, where sensitive files are stored under the web root with insufficient access control. This allows remote attackers to obtain local database information by directly accessing the path database/virtuastore.mdb. Impact (as stated): Disclosure of local ...
CVE-2006-3488
The CVE-2006-3488 entry concerns an absolute path traversal in VirtuaStore 2.0, specifically the administrador.asp component. According to the provided documents, the vulnerability allows remote attackers to read arbitrary directories or files by supplying an absolute path with a Windows drive le...
CVE-2006-3487
VirtuaStore 2.0 stores sensitive files under the web root with insufficient access control, which allows remote attackers to obtain local database information by directly accessing database/virtuastore.mdb...
CVE-2006-3402
SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in...
CVE-2006-3402
SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in...
CVE-2006-3402
CVE-2006-3402 describes a SQL injection vulnerability in VirtuaStore 2.0 that allows remote attackers to execute arbitrary SQL commands via the password parameter during login. The issue affects VirtuaStore 2.0 and is caused by improper handling of input in the login flow, enabling an attacker to...
VirtuaStore 2.0 - Password SQL Injection
VirtuaStore 2.0 - Password SQL Injection source: https://www.securityfocus.com/bid/18790/info VirtuaStore is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise...
VirtuaStore 2.0 - 'Password' SQL Injection
source: https://www.securityfocus.com/bid/18790/info VirtuaStore is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, access or modify data, ...