16 matches found
EUVD-2006-3330
Malware in sbrugna...
EUVD-2005-4614
Malware in sbrugna...
EUVD-2006-3329
Malware in sbrugna...
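Zorum index.php Multiple Parameter SQL Injection Vulnerability
BUGTRAQ: 18681 Zorum is a free, open-source forum program implemented in PHP. Zorum has multiple input validation vulnerabilities when handling user requests; remote attackers may exploit them to carry out SQL injection attacks against the server. Zorum's index.php script does not properly filter the offset, tid, fromid, sortby, fromfrommethod and fromfromlist parameters in user input, allowing remote attackers to perform SQL injection attacks. BUGTRAQ: 18681 Vendor patch: PHPOutsourcing -------------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...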
CVE-2006-3333
Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of these vectors might be...
CVE-2006-3332
SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset, (2) tid, (3) fromid, (4) sortby, (5) fromfrommethod, and (6) fromfromlist parameters...
CVE-2006-3332
SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset, (2) tid, (3) fromid, (4) sortby, (5) fromfrommethod, and (6) fromfromlist parameters...
CVE-2006-3333
Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of these vectors might be...
CVE-2006-3332
CVE-2006-3332 is a SQL injection vulnerability in Zorum Forum 3.5 affecting index.php. The flaw allows remote attackers to inject SQL commands via six parameters: offset, tid, fromid, sortby, fromfrommethod, and fromfromlist. The underlying issue is unsafe handling/concatenation of user-supplied ...
CVE-2006-3333
The CVE-2006-3333 entry describes a Cross-site Scripting (XSS) vulnerability in Zorum Forum 3.5, specifically in index.php. The flaw allows remote attackers to inject web script or HTML through multiple unspecified parameters (notably frommethod, list, and method) which are reflected in an error ...
Zorum Forum 3.5 (rollid) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ===================================================== Zorum Forum 3.5 rollid Remote SQL Injection Exploit ===================================================== #!/usr/bin/perl use LWP::UserAgent;...
Zorum Forum 3.5 - rollid SQL Injection
Zorum Forum 3.5 - rollid SQL Injection #!/usr/bin/perl use LWP::UserAgent; ------------------------------------------------------------------------------------------- Zorum forum http://zorum.phpoutsourcing.com/ version 3.5 sql injection exploit by 1dt.w0lf // RusH security team work on all mysql...
CVE-2005-4619
SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method...
CVE-2005-4619
CVE-2005-4619 affects Zorum Forum 3.5 and earlier (index.php showhtmllist) where the rollid parameter is vulnerable to SQL injection, allowing remote attackers to execute arbitrary SQL commands. This is documented as a SQL injection vulnerability in Zorum/phpoutsourcing code; no patch/version det...
CVE-2005-4619
SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method...
Zorum Forum 3.5 "rollid" SQL inj. vuln.
Zorum Forum 3.5 "rollid" SQL inj. vuln. Vuln. discovered by: r0t Date: 26 Nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/zorum-forum-35-rollid-sql-inj-vuln.html Vendor: http://zorum.phpoutsourcing.com/index.php affected version: 3.5 and prior Vuln. Description: Input passed to the...