18 matches found
EUVD-2007-0533
Malware in sbrugna...
EUVD-2005-4627
Malware in sbrugna...
CVE-2007-0535
Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the pollid parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The...
CVE-2007-0535
Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the pollid parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The...
CVE-2007-0535
CVE-2007-0535 (and related CVE-2007-0504) affect Vote! Pro 4.0 and possibly earlier, via eval injection in poll_frame.php where the poll_id parameter is passed to eval. This allows remote attackers to execute arbitrary code due to unsanitized input in PHP scripts; vectors are not fully detailed b...
CVE-2007-0504
Eval injection vulnerability in pollframe.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the pollid parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632...
EUVD-2007-0502
Eval injection vulnerability in pollframe.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the pollid parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632...
CVE-2007-0504
CVE-2007-0504 is an eval-injection vulnerability in Vote! Pro 4.0 (poll_frame.php and possibly other scripts). It allows remote attackers to execute arbitrary code by supplying a malicious poll_id that is passed to an eval() call. Descriptions from connected records confirm the poll_id/eval vecto...
Vote-Pro 4.0 (poll_frame.php poll_id) Remote Code Execution Exploit
No description provided by source. r0ut3r Presents... Another r0ut3r discovery!...
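Vote!Pro eval() Call Code Injection Vulnerability
Vote!Pro is a customizable online voting and survey program. Vote!Pro has an input validation vulnerability when handling user requests; remote attackers may exploit this vulnerability to execute arbitrary commands on the server. The pollframe.php file in Vote!Pro does not properly filter the pollid parameter used by an eval call, allowing attackers to inject and execute arbitrary PHP code by submitting specially crafted parameter values. Vote! Pro 4.0 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's homepage for the latest version: http://www.vote-pro.com/ http://www.sebug.net/show-exp-995.html...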
votepro40-exec.txt
r0ut3r Presents... Another r0ut3r discovery! writ3r at gmail.com Vote-Pro Code Injection 0day Exploit Software: Vote-Pro 4.0 Vendor: http://www.vote-pro.com/ Released: 2007/01/23 Discovered & Exploit By: r0ut3r writ3r at gmail.com Note: The information provided in this document is for Vote-Pro...
Vote-Pro 4.0 - poll_frame.php?poll_id Remote Code Execution
Vote-Pro 4.0 - pollframe.php?pollid Remote Code Execution r0ut3r Presents... Another r0ut3r discovery! writ3r at gmail.com Vote-Pro Code Injection 0day Exploit Software: Vote-Pro 4.0 Vendor: http://www.vote-pro.com/ Released: 2007/01/23 Discovered & Exploit By: r0ut3r writ3r at gmail.com...
Vote-Pro 4.0 (poll_frame.php poll_id) Remote Code Execution Exploit
Exploit for unknown platform in category web applications =================================================================== Vote-Pro 4.0 pollframe.php pollid Remote Code Execution Exploit =================================================================== r0ut3r Presents... Another r0ut3r...
Vote-Pro 4.0 - 'poll_frame.php?poll_id' Remote Code Execution
r0ut3r Presents... Another r0ut3r discovery! writ3r at gmail.com Vote-Pro Code Injection 0day Exploit Software: Vote-Pro 4.0 Vendor: http://www.vote-pro.com/ Released: 2007/01/23 Discovered & Exploit By: r0ut3r writ3r at gmail.com...
CVE-2005-4632
CVE-2005-4632 describes a SQL injection in poll_frame.php affecting Vote! Pro 4.0 and earlier. The vulnerability arises through the poll_id parameter, enabling remote attackers to issue arbitrary SQL commands. The connected documents corroborate the same advisory detail across multiple sources (C...
CVE-2005-4632
SQL injection vulnerability in pollframe.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pollid parameter...
CVE-2005-4632
SQL injection vulnerability in pollframe.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pollid parameter...
Vote! Pro 4.x "poll_id" Sql inj.
Vote! Pro 4.x "pollid" Sql inj. Vuln. discovered by: r0t Date: 23 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/vote-pro-4x-pollid-sql-inj.html Vendor: Shedix.com Product link: http://www.vote-pro.com/ Affected version: 4.x and prior. Product Description: Vote! Pro 4.0 is php...