CVE-2006-5388 – webSPELL 4.01.01 - 'getsquad' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5388
SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783. Vulnerabilidad de inyección de SQL en el archivo index.php en WebSPELL 4.01.01 y anteriores, permite a los atacantes remotos la ejecución de comandos SQL de su elección mediante el parámetro getsquad, un vector diferente al CVE-2006-4783. • https://www.exploit-db.com/exploits/2568 http://www.securityfocus.com/bid/20540 https://exchange.xforce.ibmcloud.com/vulnerabilities/29563 •
CVE-2006-4783
https://notcve.org/view.php?id=CVE-2006-4783
SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter. Vulnerabilidad de inyección SQL en squads.php en WebSPELL 4.01.01 y anteriores, cuando register_globals está habilitado, permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro squadID. • http://cms.webspell.org/index.php?site=files&file=11 http://secunia.com/advisories/21881 http://translate.google.com/translate?hl=en&sl=de&u=http://webspell.org/&sa=X&oi=translate&resnum=2&ct=result&prev=/search%3Fq%3Dwebspell%26hl%3Den%26lr%3D http://www.vupen.com/english/advisories/2006/3572 https://exchange.xforce.ibmcloud.com/vulnerabilities/28898 •
CVE-2006-4782 – webSPELL 4.01.01 - Database Backup Download
https://notcve.org/view.php?id=CVE-2006-4782
src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. src/index.php en WebSPELL 4.01.01 y anteriores, cuando register_globals está habilitado, permite a atacantes remotos evitar la autenticación y obtener información sensible almacenada en la base de datos, mediante un parámetro userID modificado en una operación de escritura en admin/database.php. • https://www.exploit-db.com/exploits/2352 http://cms.webspell.org/index.php?site=files&file=15 http://secunia.com/advisories/21881 http://www.securityfocus.com/bid/19975 http://www.vupen.com/english/advisories/2006/3572 https://exchange.xforce.ibmcloud.com/vulnerabilities/28896 •
CVE-2006-0728 – webSPELL 4.01 - 'title_op' SQL Injection
https://notcve.org/view.php?id=CVE-2006-0728
SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter. • https://www.exploit-db.com/exploits/1498 http://secunia.com/advisories/18885 http://www.securityfocus.com/bid/16673 http://www.vupen.com/english/advisories/2006/0606 http://www.webspell.org/index.php?site=news_comments&newsID=49&lang=en https://exchange.xforce.ibmcloud.com/vulnerabilities/24708 •