exploits , vulnerabilities , articles , PAFileDB Multiple SQL Injection And Cross-Site Scripting Vulnerabilities

Title	PAFileDB Multiple SQL Injection And Cross-Site Scripting Vulnerabilities
Published	2005-03-12-12:00AM
Updated	2005-03-12-05:15PM
Class	Input Validation Error
CVE	CAN-2005-0780 CAN-2005-0781 CAN-2005-0782
Remote	Yes
Local	No
Credit	Discovery is credited to sp3x.
Vulnerable	PHP Arena paFileDB 3.1 PHP Arena paFileDB 3.0 Beta 3.1 PHP Arena paFileDB 3.0 PHP Arena paFileDB 2.1.1 PHP Arena paFileDB 1.1.3
Not Vulnerable
Code	The following examples were provided to demonstrate SQL injection: http://www.example.com/[pafiledb_dir]/pafiledb.php?action=viewall&start='&sortby=rating http://www.example.com/[pafiledb_dir]/pafiledb.php?action=category&start='&sortby=rating The following examples were provided to demonstrate cross-site scripting: http://www.example.com/[pafiledb_dir]/pafiledb.php?action=viewall&start="><iframe%20src=http://www.securityreason.com></iframe >&sortby=rating http://www.example.com/[pafiledb_dir]/pafiledb.php?action=category&start="><iframe%20src=http://www.securityreason.com></ifram e>&sortby=date
TXT

Vulnerabilities - newest 10 RSS | More

2008-12-01 SystemImager Flamethrower Insecure Temporary File Creation Vulnerabilities
2008-12-01 Rumpus FTP Server Command Argument Remote Buffer Overflow Vulnerability
2008-12-01 Rumpus FTP Server HTTP Command Remote Denial of Service Vulnerability
2008-11-29 Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
2008-11-29 Venalsur Booking Centre Multiple Cross-Site Scripting Vulnerabilities
2008-11-28 ReVou Login SQL Injection Vulnerability
2008-11-28 Web Calendar System SQL Injection and Cross Site Scripting Vulnerabilities
2008-11-28 SailPlanner Login SQL Injection Vulnerability
2008-11-28 Livio.net WEB Calendar Cross Site Scripting and Multiple SQL Injection Vulnerabilities
2008-11-28 Subtext Anchor Tags HTML Injection Vulnerability

SECURITY RSS FEEDS

Advertising

Copyright 2007, SecurityDot
Tue, 02 Dec 2008 04:47:40 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
t135t www:gengbe phpBB 3.0 php-nuke 2 mambo Remo 5H1 3C PHP Advanc naked lati sitekit 22534.html CMS is Fre cat /home/ t333t www PRON H 200 /compo t135t www.freevi hi5.ciom t434t OpenSSH Re Ultimate B xxxporno news for c xxxporno www.deskto Download s ssh1 yui.dll 2007_10_01 WWW.HOT SA global ann xdos www.nowass P m RPC window www.nowass WWW Indian Hotsex.com Woman, Sex WWW.SEXIFI www.web918 2006-027 ph debian roo Vizayn Hab sexy sedymove results of sexfil Aiswarya w