

Title: PAFileDB Multiple SQL Injection And Cross-Site Scripting Vulnerabilities
Published: 2005-03-12 12:00AM
Updated: 2005-03-12 05:15PM
Class: Input Validation Error
CVE: CAN-2005-0780, CAN-2005-0781, CAN-2005-0782
Remote: Yes
Local: No
Credit: Discovery is credited to sp3x.
Vulnerable:
  PHP Arena paFileDB 3.1
  PHP Arena paFileDB 3.0 Beta 3.1
  PHP Arena paFileDB 3.0
  PHP Arena paFileDB 2.1.1
  PHP Arena paFileDB 1.1.3
Not Vulnerable:
Code: The following examples were provided to demonstrate SQL injection:

http://www.example.com/[pafiledb_dir]/pafiledb.php?action=viewall&start='&sortby=rating
http://www.example.com/[pafiledb_dir]/pafiledb.php?action=category&start='&sortby=rating

The following examples were provided to demonstrate cross-site scripting:

http://www.example.com/[pafiledb_dir]/pafiledb.php?action=viewall&start="><iframe%20src=http://www.securityreason.com></iframe>&sortby=rating
http://www.example.com/[pafiledb_dir]/pafiledb.php?action=category&start="><iframe%20src=http://www.securityreason.com></iframe>&sortby=date
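As an added illustration (not paFileDB's own code), this shows the pattern behind both findings, the `start` value reaching a SQL query unvalidated and being reflected into HTML unencoded, next to a hardened version of the same listing handler. The table and column names are assumed, as is the reading that `start` is a pagination offset and `sortby` an ORDER BY key.

```php
<?php
// Added example, not paFileDB source. Assumed schema: table `files` with
// columns file_id, file_name, file_rating, file_date.

// Vulnerable pattern: `start` and `sortby` flow raw into SQL and `start`
// is then written back into an HTML attribute without encoding.
function listFilesVulnerable(PDO $db, array $get): string
{
    $start  = $get['start'];   // e.g. "'" breaks the query; "\"><iframe ..." breaks the markup
    $sortby = $get['sortby'];
    $sql  = "SELECT file_id, file_name FROM files ORDER BY $sortby LIMIT $start, 10";
    $rows = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);          // SQL injection
    return count($rows) . ' files <a href="pafiledb.php?action=viewall&start='
         . $start . '&sortby=' . $sortby . '">Next</a>';            // reflected XSS
}

// Hardened version: validate type, allow-list the sort key, bind parameters,
// and encode on output.
function listFilesHardened(PDO $db, array $get): string
{
    // The offset must be a non-negative integer; anything else falls back to 0.
    $start = filter_var($get['start'] ?? 0, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 0]]);
    if ($start === false) {
        $start = 0;
    }

    // An ORDER BY column cannot be a bound parameter, so map the user's key
    // onto a fixed list of real column names and ignore anything else.
    $allowed  = ['rating' => 'file_rating', 'date' => 'file_date', 'name' => 'file_name'];
    $sortKey  = isset($allowed[$get['sortby'] ?? '']) ? $get['sortby'] : 'date';
    $orderCol = $allowed[$sortKey];

    $stmt = $db->prepare("SELECT file_id, file_name FROM files ORDER BY $orderCol LIMIT :start, 10");
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);   // integer-typed, never concatenated
    $stmt->execute();
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Output encoding for the HTML attribute context; $sortKey is already
    // limited to allow-listed words but is encoded anyway.
    $next = htmlspecialchars((string)($start + 10), ENT_QUOTES, 'UTF-8');
    $sort = htmlspecialchars($sortKey, ENT_QUOTES, 'UTF-8');
    return count($rows) . ' files <a href="pafiledb.php?action=viewall&amp;start='
         . $next . '&amp;sortby=' . $sort . '">Next</a>';
}
```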
Copyright 2007, SecurityDot
Sat, 19 Dec 2009 01:40:42 +0000