55 matches found
W2B Dating Club - 'browse.php' SQL Injection
source: https://www.securityfocus.com/bid/28737/info W2B Dating Club is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modi...
Cross site scripting
Cross-site scripting XSS vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980...
CVE-2007-3174
Cross-site scripting XSS vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980...
Sql injection
Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via 1 the draft parameter to mailer.w2b or 2 the listDocPay parameter to DocPay.w2b...
CVE-2007-3175
Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via 1 the draft parameter to mailer.w2b or 2 the listDocPay parameter to DocPay.w2b...
CVE-2007-3174
Cross-site scripting XSS vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980...
CVE-2007-3174
CVE-2007-3174 is an XSS vulnerability in W2B Online Banking (auth.w2b) exploitable via the adtype parameter (vector distinct from CVE-2006-1980). Public metrics show a CVSS v2 base score of 4.3 (Medium) with Network attack vector, requiring no authentication, no confidentiality impact, but partia...
CVE-2007-3175
CVE-2007-3175 describes multiple SQL injection vulnerabilities in W2B Online Banking. The affected components are the web applications handling mailer.w2b and DocPay.w2b, where user-supplied input in the draft and listDocPay parameters can be exploited to alter or execute SQL commands remotely. T...
CVE-2007-3175
Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via 1 the draft parameter to mailer.w2b or 2 the listDocPay parameter to DocPay.w2b...
CVE-2006-1980
Cross-site scripting XSS vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the 1 query string, 2 SID parameter, or 3 ilang parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the 1 query string, 2 SID parameter, or 3 ilang parameter...
CVE-2006-1980
Cross-site scripting XSS vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the 1 query string, 2 SID parameter, or 3 ilang parameter...
CVE-2006-1980
CVE-2006-1980 is an XSS vulnerability in W2B Online Banking. The vulnerability allows remote attackers to inject arbitrary script via (1) query string, (2) SID parameter, or (3) ilang parameter. The NVD entry reports a CVSS v2.0 base score of 2.6 (low) with Network attack vector, high attack comp...
[SA19717] W2B Online Banking "SID" Cross-Site Scripting Vulnerability
TITLE: W2B Online Banking "SID" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA19717 VERIFY ADVISORY: http://secunia.com/advisories/19717/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: W2B Online Banking http://secunia.com/product/9461/ DESCRIPTION:...
W2B Online Banking vuln.
W2B Online Banking vuln. Vuln. discovered by : r0t Date: 20 april 2006 vendorlink:www.w2b.ru/OnlineBanking/index.php affected versions:last/actual orginal advisory: http://pridels.blogspot.com/2006/04/w2b-online-banking-vuln.html Vuln. Description: W2B Online Banking contains a flaw that allows a...