15 matches found
EUVD-2006-2282
Malware in sbrugna...
EUVD-2006-3953
Malware in sbrugna...
X-Scripts X-Poll 1.10 Top.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19236/info X-Poll is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...
xpoll-upload.txt
X-Poll Directory Traversal Vulnerability&Arbitrary File Upload By: e.wiZz! Site: madspot.org Info: Zeljko Komsic please kill your self and other 2 plz. In the wild: -------------------------- X-Poll Version 2.0 allows you to create polls with unlimited options which have their own start and expir...
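X-Scripts X-Poll Top.PHP SQL Injection Vulnerability
X-Poll is a PHP-based polling program. X-Poll does not correctly handle user-submitted web data, and remote attackers can exploit the vulnerability to perform SQL injection and obtain sensitive information. The problem lies in the 'Top.PHP' script: because the user-submitted 'poll' parameter is not filtered, submitting a malicious SQL query as the parameter data can alter the original SQL logic and obtain sensitive information. X-Scripts X-Poll 1.10 http://members.lycos.co.uk/xscripts03/ http://www.example.com/poll/top.php?poll=' AND 0 UNION SELECT 0,...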
xpoll110.txt
Discovered by Sirdarckcat from elhacker.net X-Poll 1.10 http://members.lycos.co.uk/xscripts03/ ============================================== X-Poll is a simple poll maker for simple PHP web sites. This has a SQL Injection vulnerability. ============================================== PoC:...
[Full-disclosure] X-Poll SQL Injection Vulnerability
Discovered by Sirdarckcat from elhacker.net X-Poll 1.10 http://members.lycos.co.uk/xscripts03/ ============================================== X-Poll is a simple poll maker for simple PHP web sites. This has a SQL Injection vulnerability. ============================================== PoC:...
CVE-2006-3960
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-3960
The CVE-2006-3960 entry concerns a SQL injection in the X-Scripts X-Poll component, specifically in top.php (likely version 2.30). The vulnerability can be triggered via the poll parameter, enabling remote attackers to execute arbitrary SQL commands. Impact is listed as partial confidentiality/in...
CVE-2006-3960
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
X-Scripts X-Poll 1.10 - top.php SQL Injection
X-Scripts X-Poll 1.10 - top.php SQL Injection source: https://www.securityfocus.com/bid/19236/info X-Poll is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromis...
CVE-2006-2281
X-Scripts X-Poll xpoll 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it...
CVE-2006-2281
X-Scripts X-Poll xpoll 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it...
CVE-2006-2281
X-Scripts X-Poll (xpoll) 2.30 is affected by an RCE via admin/images/add.php: an attacker can upload a PHP file and access it remotely. The underlying issue is improper file upload handling that allows execution of arbitrary PHP code. This affects the product as described in CVE-2006-2281 and is ...
X-POLL admin By-Pass
google dork: inurl:x-poll and add to /admin/images/add.php , upload to shell, and mass deface is server www.ayyildiz.org...