15 matches found
EUVD-2006-1554
Malware in sbrugna...
EUVD-2006-1555
Malware in sbrugna...
[eVuln] VSNS Lemon Multiple Vulnerabilities
New eVuln Advisory: VSNS Lemon Multiple Vulnerabilities http://evuln.com/vulns/106/summary.html --------------------Summary---------------- eVuln ID: EV0106 CVE: CVE-2006-1553 CVE-2006-1554 CVE-2006-1555 Vendor: Tachyon Vendor's Web Site: http://tachyondecay.net/ Software: VSNS Lemon Versions:...
CVE-2006-1553
SQL injection vulnerability in functions/finalfunctions.php in VSNS Lemon 3.2.0, with magicquotesgpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment...
Sql injection
SQL injection vulnerability in functions/finalfunctions.php in VSNS Lemon 3.2.0, with magicquotesgpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter...
Authentication flaw
VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsnstopicid cookie to the targeted topic...
CVE-2006-1555
VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsnstopicid cookie to the targeted topic...
CVE-2006-1554
Cross-site scripting XSS vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment...
CVE-2006-1555
CVE-2006-1555 affects VSNS Lemon 3.2.0. The vulnerability is a cookie-based authentication bypass: remote attackers can access password-protected articles by setting the vsns[topic_id] cookie to the targeted topic. Impact is authenticated-access to protected content without credentials, with netw...
CVE-2006-1553
VSNS Lemon 3.2.0 is affected by CVE-2006-1553 due to an SQL injection in functions/final_functions.php when magic_quotes_gpc is disabled. The vulnerable parameter is id, enabling remote attackers to inject arbitrary SQL commands. This is a server-side input validation flaw in the PHP code path ha...
CVE-2006-1554
CVE-2006-1554 concerns a cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0. The issue arises from insufficient sanitization of the name parameter in the comment-adding workflow, allowing remote attackers to inject arbitrary web scripts or HTML. The vulnerability is tied to the comment ...
CVE-2006-1554
Cross-site scripting XSS vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment...
CVE-2006-1555
VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsnstopicid cookie to the targeted topic...
CVE-2006-1553
SQL injection vulnerability in functions/finalfunctions.php in VSNS Lemon 3.2.0, with magicquotesgpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter...