EUVD-2006-1555

Malware in sbrugna...

EUVD-2006-1554

Malware in sbrugna...

[eVuln] VSNS Lemon Multiple Vulnerabilities

New eVuln Advisory: VSNS Lemon Multiple Vulnerabilities http://evuln.com/vulns/106/summary.html --------------------Summary---------------- eVuln ID: EV0106 CVE: CVE-2006-1553 CVE-2006-1554 CVE-2006-1555 Vendor: Tachyon Vendor's Web Site: http://tachyondecay.net/ Software: VSNS Lemon Versions:...

CVE-2006-1555

VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsnstopicid cookie to the targeted topic...

CVE-2006-1553

SQL injection vulnerability in functions/finalfunctions.php in VSNS Lemon 3.2.0, with magicquotesgpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2006-1554

Cross-site scripting XSS vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment...

Sql injection

SQL injection vulnerability in functions/finalfunctions.php in VSNS Lemon 3.2.0, with magicquotesgpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2006-1555

VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsnstopicid cookie to the targeted topic...

CVE-2006-1555

CVE-2006-1555 affects VSNS Lemon 3.2.0. The vulnerability is a cookie-based authentication bypass: remote attackers can access password-protected articles by setting the vsns[topic_id] cookie to the targeted topic. Impact is authenticated-access to protected content without credentials, with netw...

CVE-2006-1554

CVE-2006-1554 concerns a cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0. The issue arises from insufficient sanitization of the name parameter in the comment-adding workflow, allowing remote attackers to inject arbitrary web scripts or HTML. The vulnerability is tied to the comment ...