webSPELL 4.1.2 'whoisonline.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27517/info webSPELL is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

webSPELL Dailyinput Movie-Addon ‘portal’参数SQL注入漏洞

BUGTRAQ ID: 53904 webSPELL是一款基于WEB的内容管理程序。 webSPELL dailyinput Movie-addon中存在SQL注入漏洞，该漏洞源于未对用户提供的数据充分的验证即用在SQL查询中。攻击者可利用该漏洞操控应用程序，访问或修改数据，或在底层数据库中利用该漏洞。 0 webSPELL 厂商补丁： webSPELL -------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://cms.webspell.org/...

Webspell Dailyinput Movie 4.2.x SQL Injection

======================================================================================== | Title : Webspell 4.2.x dailyinput Movie-Addon SQL Injection Vulnerability | Author : Easy Laster | Script : Webspell 4.2.x dailyinput Movie-Addon | Site : www.kode-designs.com | Download :...

Webspell dailyinput Movie Addon 4.2.x - SQL Injection

Webspell dailyinput Movie Addon 4.2.x - SQL Injection ======================================================================================== | Title : Webspell 4.2.x dailyinput Movie-Addon SQL Injection Vulnerability | Author : Easy Laster | Script : Webspell 4.2.x dailyinput Movie-Addon | Site...

Webspell dailyinput Movie Addon 4.2.x SQL Injection Vulnerability

Exploit for php platform in category web applications ======================================================================================== | Title : Webspell 4.2.x dailyinput Movie-Addon SQL Injection Vulnerability | Author : Easy Laster | Script : Webspell 4.2.x dailyinput Movie-Addon | Site...

Webspell dailyinput Movie Addon 4.2.x - SQL Injection

======================================================================================== | Title : Webspell 4.2.x dailyinput Movie-Addon SQL Injection Vulnerability | Author : Easy Laster | Script : Webspell 4.2.x dailyinput Movie-Addon | Site : www.kode-designs.com | Download :...

Webspell FIRSTBORN Movie-Addon Blind SQL Injection

======================================================================================== | Title : Webspell FIRSTBORN Movie-Addon Blind SQL Injection Vulnerability | Author : Easy Laster | Script : Webspell FIRSTBORN Movie-Addon | Site : www.firstborn.de | Price : free | Exploitation : Remote Bli...

Webspell FIRSTBORN Movie-Addon - Blind SQL Injection

Webspell FIRSTBORN Movie-Addon - Blind SQL Injection ======================================================================================== | Title : Webspell FIRSTBORN Movie-Addon Blind SQL Injection Vulnerability | Author : Easy Laster | Script : Webspell FIRSTBORN Movie-Addon | Site :...

Webspell FIRSTBORN Movie-Addon - Blind SQL Injection

======================================================================================== | Title : Webspell FIRSTBORN Movie-Addon Blind SQL Injection Vulnerability | Author : Easy Laster | Script : Webspell FIRSTBORN Movie-Addon | Site : www.firstborn.de | Price : free | Exploitation : Remote Bli...

Webspell FIRSTBORN Movie-Addon Blind SQL Injection Vulnerability

Exploit for php platform in category web applications ======================================================================================== | Title : Webspell FIRSTBORN Movie-Addon Blind SQL Injection Vulnerability | Author : Easy Laster | Script : Webspell FIRSTBORN Movie-Addon | Site :...

CVE-2010-4861

SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter...

Sql injection

SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter...

CVE-2010-4861

CVE-2010-4861 is a SQL injection in webSPELL 4.2.1 affecting the asearch.php script. The vulnerability allows remote attackers to pass the search parameter to trigger arbitrary SQL execution. Documented details indicate a network-accessible issue with no authentication required and partial confid...

CVE-2010-4861

SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter...

HTB22933: Multiple Path disclosure in webSPELL

Vulnerability ID: HTB22933 Reference: http://www.htbridge.ch/advisory/multiplepathdisclosureinwebspell.html Product: webSPELL Vendor: http://www.webspell.org/ http://www.webspell.org/ Vulnerable Version: 4.2.2a Vendor Notification: 05 April 2011 Vulnerability Type: Path disclosure Risk level: Low...

HTB22932: Multiple XSS in webSPELL

Vulnerability ID: HTB22932 Reference: http://www.htbridge.ch/advisory/multiplexssinwebspell.html Product: webSPELL Vendor: http://www.webspell.org/ http://www.webspell.org/ Vulnerable Version: 4.2.2a Vendor Notification: 05 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Mediu...

webSPELL 4.2.2a - Multiple Cross-Site Scripting Vulnerabilities

webSPELL 4.2.2a - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/47500/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

webSPELL 4.2.2a Cross Site Scripting / Path Disclosure

================================= Vulnerability ID: HTB22932 Reference: http://www.htbridge.ch/advisory/multiplexssinwebspell.html Product: webSPELL Vendor: http://www.webspell.org/ http://www.webspell.org/ Vulnerable Version: 4.2.2a Vendor Notification: 05 April 2011 Vulnerability Type: XSS Cros...

webSPELL 4.2.2a - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/47500/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

Cross-site Scripting (XSS) Vulnerabilities in webSPELL

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in webSPELL which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in webSPELL 1.1 The vulnerability exists due to input sanitation error in the "pass" and "touser...