17 matches found
EUVD-2006-3953
Malware in sbrugna...
EUVD-2006-3943
Malware in sbrugna...
EUVD-2006-3952
Malware in sbrugna...
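X-Scripts X-Poll Top.PHP SQL Injection Vulnerability
X-Poll is a PHP-based voting program. X-Poll does not correctly handle user-submitted web data, and remote attackers can exploit the vulnerability to perform SQL injection and obtain sensitive information. The problem exists in the 'Top.PHP' script: because the user-submitted 'poll' parameter is not filtered, submitting a malicious SQL query as the parameter data can alter the original SQL logic and obtain sensitive information. X-Scripts X-Poll 1.10 http://members.lycos.co.uk/xscripts03/ http://www.example.com/poll/top.php?poll=' AND 0 UNION SELECT 0,...
X-Scripts X-Statistics X-Statistics.PHP SQL Injection Vulnerability
X-Statistics is a PHP-based statistics program. X-Statistics does not correctly handle user-submitted web data, and remote attackers can exploit the vulnerability to perform SQL injection and obtain sensitive information. The problem exists in the 'X-Statistics.PHP' script: because the user-submitted URI parameter is not filtered, submitting a malicious SQL query as the parameter data can alter the original SQL logic and obtain sensitive information. X-Scripts X-Statistics 1.20 http://members.lycos.co.uk/xscripts03/ GET /x-statistics.php HTTP/1.1 Host: www.example.com User-Agent:...
X-Scripts X-Protection Protect.PHP SQL Injection Vulnerability
X-Protection is a PHP-based voting program. X-Protection does not correctly handle user-submitted web data, and remote attackers can exploit the vulnerability to perform SQL injection and obtain sensitive information. The problem exists in the 'protect.PHP' script: because the user-submitted 'password' parameter is not filtered, submitting a malicious SQL query as the parameter data can alter the original SQL logic and obtain sensitive information. X-Scripts X-Protection 1.10 http://members.lycos.co.uk/xscripts03/ POST: username='/&password=/%20AND%201=0%20UNION%20SELECT%20999/...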
CVE-2006-3960
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-3950
SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header...
CVE-2006-3959
SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter...
CVE-2006-3960
The CVE-2006-3960 entry concerns a SQL injection in the X-Scripts X-Poll component, specifically in top.php (likely version 2.30). The vulnerability can be triggered via the poll parameter, enabling remote attackers to execute arbitrary SQL commands. Impact is listed as partial confidentiality/in...
CVE-2006-3960
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-3950
SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header...
CVE-2006-3950
CVE-2006-3950 describes an SQL injection in X-Scripts X-Statistics 1.20, triggered through the User-Agent HTTP header in x-statistics.php. The vulnerability allows remote attackers to execute arbitrary SQL commands. Affected product/version: X-Scripts X-Statistics 1.20 (component: x-statistics.ph...
X-Scripts X-Poll 1.10 - top.php SQL Injection
X-Scripts X-Poll 1.10 - top.php SQL Injection source: https://www.securityfocus.com/bid/19236/info X-Poll is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromis...
CVE-2006-2281
X-Scripts X-Poll xpoll 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it...
CVE-2006-2281
X-Scripts X-Poll xpoll 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it...
CVE-2006-2281
X-Scripts X-Poll (xpoll) 2.30 is affected by an RCE via admin/images/add.php: an attacker can upload a PHP file and access it remotely. The underlying issue is improper file upload handling that allows execution of arbitrary PHP code. This affects the product as described in CVE-2006-2281 and is ...