Subjects 2.0 Postnuke module SQL-Injection vulnerabilities. @Date: Sep 09 2004.
Multiple SQL-Injections, Proof of concept to retrieve the MD5 password hash of a user.

getIntranet Multiple vulnerabilities. @Date: Sep 09 2004.
Multiple SQL-Injections, Cross-Site Scripting, ID spoof, File upload vulnerability, ASP code execution on the server, Privilege escalation vulnerability...

getInternet SQL-Injection vulnerabilities. @Date: Sep 09 2004.
An attacker can use stored procedures like master..xp_cmdshell to perform remote execution.

Password Protect XSS and SQL-Injection vulnerabilities. @Date: Aug 30 2004.
A remote user can use an SQL-injection attack to log in as admin or manipulate the database, and can also conduct XSS attacks.

ADSL Barricade (SMC7204BRA) Denial of Service. @Date: Aug 30 2004.
Denial of service in the web-based management user interface.

Vulnerabilities in Merak Webmail Server. @Date: Aug 17 2004.
Cross-Site Scripting, Full path disclosure, Exposure of PHP files, SQL-Injection.. (Advisory Attachment)

Props XSS and Remote File Viewing Vulnerability. @Date: May 1 2004.
A remote user can view files on the system. A remote user can also conduct cross-site scripting attacks.

NewsPHP Authentication Flaw Lets Remote Users Gain Administrative Access. @Date: Apr 12 2004.
A remote user can gain administrative access on the application. A remote authenticated administrator can upload arbitrary files. Cross-site scripting attacks are also possible.

A-CART Input Validation Hole Lets Remote Users Inject SQL Commands and XSS. @Date: Mar 29 2004.
A remote user can inject SQL commands and conduct cross-site scripting attacks.

Expinion Member Management System Input Validation Holes Let Remote Users Inject SQL and Conduct Cross-Site Scripting Attacks. @Date: Mar 20 2004.
A remote user can inject SQL commands and conduct cross-site scripting attacks.

Expinion News Manager Authentication Flaw Lets Remote Users Gain Administrator Access. @Date: Mar 20 2004.
A remote user can hijack the administrator's account, inject SQL commands, and conduct cross-site scripting attacks.

ASP Portal Has Multiple Flaws That Let Remote Users Hijack Accounts, Inject SQL Commands, and Conduct Cross-Site Scripting Attacks. @Date: Feb 14 2004.
A remote user can inject SQL commands and can hijack user accounts. A remote user can also conduct cross-site scripting attacks.

MaxWebPortal Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks. @Date: Feb 11 2004.
A remote user can supply a specially crafted value to execute certain SQL queries on the target system's database. A remote user can conduct cross-site scripting attacks.

PHPX Cookie Authentication Flaw Lets Remote Users Hijack a Target User's Account. @Date: Feb 3 2004.
A remote user can hijack a target user's account. A remote user can conduct cross-site scripting attacks.