18 matches found
EUVD-2006-4600
Malware in sbrugna...
EUVD-2006-2541
Malware in sbrugna...
ZixForum 1.12 Forum.ASP Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/16406/info ZixForum is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitatio...
Zixforum ZixForum.mdb Database Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10982/info Zixforum is reported prone to a database disclosure vulnerability. It is reported that remote users may download the database file ''ZixForum.mdb' and gain access to sensitive information including unencrypted...
Improper access control
ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the...
CVE-2007-0543
ZixForum CVE-2007-0543 affects ZixForum 1.14 and earlier where the web root stores the database (ZixForum.mdb) with insufficient access control, enabling remote attackers to download sensitive data via a direct request. Connected sources corroborate that this vulnerability arises from an exposed ...
ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability
ZixForum = 1.14 Zixforum.mdb Remote Password Disclosure Vulnerability Script: ZixForum Version: 1.14 URL: http://www.hotscripts.com/jump.php?listingid=58424&jumptype=1 Risk: Low Foud by: BorN To K!LL Explo!T:. ^^^^^^ www.site.com/path/Zixforum.mdb GreeTz :. Dr.2 , Asbmay , General C , ToOoFa ,...
ZixForum ReplyNew.ASP SQL注入漏洞
ZixForum是一款基于PHP的网络日记程序。 ZixForum不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击获得敏感信息。 问题是由于'ReplyNew.ASP'脚本对用户提交的"RepId"参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 Zixforum Zixforum 1.12 http://dns2go.deerfield.com/status/index.cfm?fqdn=john.mypc.nu Username :...
Zix Forum 1.12 - RepId SQL Injection (2)
Zix Forum 1.12 - RepId SQL Injection 2 !/usr/bin/perl ZIXForum Google dork: intext:"ZIXForum 1.12 by: ZixCom 2002" use IO::Socket::INET; usage unless @ARGV == 2; $host = shift@ARGV; $dir = shift@ARGV; $dir = "/$dir" if $dir ! /^//; $dir = "$dir/" if $dir ! //$/; $host = s/http:////g; $path =...
CVE-2006-4612
CVE-2006-4612 affects ZIXForum 1.12; vulnerable component is ReplyNew.asp, exploitable via the RepId parameter to cause SQL injection. The vulnerability allows remote attackers to execute arbitrary SQL commands, with potential impact on confidentiality, integrity, and availability as indicated by...
forum112.txt
©ZIXForum 1.12 = "RepId" Remote SQL Injection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Credit by | Chironex Fleckeri Mail | [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Username :...
(c)ZIXForum 1.12 <= "RepId" Remote SQL Injection
cZIXForum 1.12 = "RepId" Remote SQL Injection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Credit by | Chironex Fleckeri Mail | [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Username :...
CVE-2006-2541
SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to 1 login.asp and 2 main.asp...
Sql injection
SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to 1 login.asp and 2 main.asp...
CVE-2006-2541
SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to 1 login.asp and 2 main.asp...
CVE-2005-4334
SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the HID parameter to 1 zixforum/forum.asp, as used in 2 Headforums.asp and 3 Subject.asp...
ZixForum 1.12 - forum.asp Multiple SQL Injections
ZixForum 1.12 - forum.asp Multiple SQL Injections source: https://www.securityfocus.com/bid/16406/info ZixForum is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query...
ZixForum 1.12 - 'forum.asp' Multiple SQL Injections
source: https://www.securityfocus.com/bid/16406/info ZixForum is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to...