Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    16 vulnerabilities by eticket

    CVE-2008-5165 (GCVE-0-2008-5165)

    Vulnerability from nvd – Published: 2008-11-19 18:00 – Updated: 2024-08-07 10:40
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-06-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:40:17.181Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.digitrustgroup.com/advisories/web-application-security-eticket2.html"
              },
              {
                "name": "30877",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30877"
              },
              {
                "name": "eticket-pri-sql-injection(43398)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43398"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.eticketsupport.com/announcements/170_is_in_the_building-t91.0.html"
              },
              {
                "name": "1020379",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020379"
              },
              {
                "name": "29973",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29973"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.digitrustgroup.com/advisories/web-application-security-eticket2.html"
            },
            {
              "name": "30877",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30877"
            },
            {
              "name": "eticket-pri-sql-injection(43398)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43398"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.eticketsupport.com/announcements/170_is_in_the_building-t91.0.html"
            },
            {
              "name": "1020379",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020379"
            },
            {
              "name": "29973",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29973"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-5165",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.digitrustgroup.com/advisories/web-application-security-eticket2.html",
                  "refsource": "MISC",
                  "url": "http://www.digitrustgroup.com/advisories/web-application-security-eticket2.html"
                },
                {
                  "name": "30877",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30877"
                },
                {
                  "name": "eticket-pri-sql-injection(43398)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43398"
                },
                {
                  "name": "http://www.eticketsupport.com/announcements/170_is_in_the_building-t91.0.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.eticketsupport.com/announcements/170_is_in_the_building-t91.0.html"
                },
                {
                  "name": "1020379",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020379"
                },
                {
                  "name": "29973",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29973"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-5165",
        "datePublished": "2008-11-19T18:00:00.000Z",
        "dateReserved": "2008-11-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:40:17.181Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0552 (GCVE-0-2008-0552)

    Vulnerability from nvd – Published: 2008-02-01 19:41 – Updated: 2024-08-07 07:46
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-01-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:46:54.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "eticket-index-xss(39968)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39968"
              },
              {
                "name": "27473",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27473"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt"
              },
              {
                "name": "1019278",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019278"
              },
              {
                "name": "20080127 eTicket \u0027index.php\u0027 Cross Site Scripting Path Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487133/100/0/threaded"
              },
              {
                "name": "3601",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3601"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "eticket-index-xss(39968)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39968"
            },
            {
              "name": "27473",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27473"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt"
            },
            {
              "name": "1019278",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019278"
            },
            {
              "name": "20080127 eTicket \u0027index.php\u0027 Cross Site Scripting Path Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487133/100/0/threaded"
            },
            {
              "name": "3601",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3601"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0552",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "eticket-index-xss(39968)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39968"
                },
                {
                  "name": "27473",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27473"
                },
                {
                  "name": "http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt",
                  "refsource": "MISC",
                  "url": "http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt"
                },
                {
                  "name": "1019278",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019278"
                },
                {
                  "name": "20080127 eTicket \u0027index.php\u0027 Cross Site Scripting Path Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487133/100/0/threaded"
                },
                {
                  "name": "3601",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3601"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0552",
        "datePublished": "2008-02-01T19:41:00.000Z",
        "dateReserved": "2008-02-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:46:54.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0268 (GCVE-0-2008-0268)

    Vulnerability from nvd – Published: 2008-01-15 19:00 – Updated: 2024-08-07 07:39
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/485835/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/28331 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/27173 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/3542 third-party-advisoryx_refsource_SREASON
    Date Public
    2008-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:39:34.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
              },
              {
                "name": "eticket-view-xss(39488)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39488"
              },
              {
                "name": "28331",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28331"
              },
              {
                "name": "27173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27173"
              },
              {
                "name": "3542",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3542"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
            },
            {
              "name": "eticket-view-xss(39488)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39488"
            },
            {
              "name": "28331",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28331"
            },
            {
              "name": "27173",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27173"
            },
            {
              "name": "3542",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3542"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0268",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
                },
                {
                  "name": "eticket-view-xss(39488)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39488"
                },
                {
                  "name": "28331",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28331"
                },
                {
                  "name": "27173",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27173"
                },
                {
                  "name": "3542",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3542"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0268",
        "datePublished": "2008-01-15T19:00:00.000Z",
        "dateReserved": "2008-01-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:39:34.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0266 (GCVE-0-2008-0266)

    Vulnerability from nvd – Published: 2008-01-15 19:00 – Updated: 2024-08-07 07:39
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/485835/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/28331 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/27173 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/3542 third-party-advisoryx_refsource_SREASON
    Date Public
    2008-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:39:34.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
              },
              {
                "name": "eticket-admin-csrf(39490)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39490"
              },
              {
                "name": "28331",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28331"
              },
              {
                "name": "27173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27173"
              },
              {
                "name": "3542",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3542"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks.  NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
            },
            {
              "name": "eticket-admin-csrf(39490)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39490"
            },
            {
              "name": "28331",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28331"
            },
            {
              "name": "27173",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27173"
            },
            {
              "name": "3542",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3542"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0266",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks.  NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
                },
                {
                  "name": "eticket-admin-csrf(39490)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39490"
                },
                {
                  "name": "28331",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28331"
                },
                {
                  "name": "27173",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27173"
                },
                {
                  "name": "3542",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3542"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0266",
        "datePublished": "2008-01-15T19:00:00.000Z",
        "dateReserved": "2008-01-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:39:34.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0267 (GCVE-0-2008-0267)

    Vulnerability from nvd – Published: 2008-01-15 19:00 – Updated: 2024-08-07 07:39
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/485835/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/28331 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/27173 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/3542 third-party-advisoryx_refsource_SREASON
    Date Public
    2008-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:39:34.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "eticket-admin-sql-injection(39487)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39487"
              },
              {
                "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
              },
              {
                "name": "eticket-search-sql-injection(39489)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39489"
              },
              {
                "name": "28331",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28331"
              },
              {
                "name": "27173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27173"
              },
              {
                "name": "3542",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3542"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "eticket-admin-sql-injection(39487)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39487"
            },
            {
              "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
            },
            {
              "name": "eticket-search-sql-injection(39489)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39489"
            },
            {
              "name": "28331",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28331"
            },
            {
              "name": "27173",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27173"
            },
            {
              "name": "3542",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3542"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0267",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "eticket-admin-sql-injection(39487)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39487"
                },
                {
                  "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
                },
                {
                  "name": "eticket-search-sql-injection(39489)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39489"
                },
                {
                  "name": "28331",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28331"
                },
                {
                  "name": "27173",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27173"
                },
                {
                  "name": "3542",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3542"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0267",
        "datePublished": "2008-01-15T19:00:00.000Z",
        "dateReserved": "2008-01-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:39:34.194Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0093 (GCVE-0-2008-0093)

    Vulnerability from nvd – Published: 2008-01-08 01:00 – Updated: 2024-08-07 07:32
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/27130 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.digitrustgroup.com/advisories/web-appl… x_refsource_MISC
    http://secunia.com/advisories/28331 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-01-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:32:23.849Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27130",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27130"
              },
              {
                "name": "eticket-name-subject-xss(39400)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39400"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.digitrustgroup.com/advisories/web-application-security-eticket.html"
              },
              {
                "name": "28331",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28331"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27130",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27130"
            },
            {
              "name": "eticket-name-subject-xss(39400)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39400"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.digitrustgroup.com/advisories/web-application-security-eticket.html"
            },
            {
              "name": "28331",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28331"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0093",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27130",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27130"
                },
                {
                  "name": "eticket-name-subject-xss(39400)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39400"
                },
                {
                  "name": "http://www.digitrustgroup.com/advisories/web-application-security-eticket.html",
                  "refsource": "MISC",
                  "url": "http://www.digitrustgroup.com/advisories/web-application-security-eticket.html"
                },
                {
                  "name": "28331",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28331"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0093",
        "datePublished": "2008-01-08T01:00:00.000Z",
        "dateReserved": "2008-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:32:23.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2801 (GCVE-0-2007-2801)

    Vulnerability from nvd – Published: 2007-06-30 01:00 – Updated: 2024-08-07 13:49
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters. NOTE: the vendor disputes the significance of the issue, stating that "eTicket is not designed to work with register_globals On."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/472434/100… mailing-listx_refsource_BUGTRAQ
    http://marc.info/?l=full-disclosure&m=11829786490… mailing-listx_refsource_FULLDISC
    http://www.vupen.com/english/advisories/2007/2372 vdb-entryx_refsource_VUPEN
    http://www.osvdb.org/34786 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.netvigilance.com/advisory0031 x_refsource_MISC
    http://www.securityfocus.com/bid/24681 vdb-entryx_refsource_BID
    http://secunia.com/advisories/25871 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/472514/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/473095/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-06-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:49:57.471Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070627 eTicket version 1.5.5 XSS Attack Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/472434/100/0/threaded"
              },
              {
                "name": "20070627 eTicket version 1.5.5 XSS Attack Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=full-disclosure\u0026m=118297864900677\u0026w=2"
              },
              {
                "name": "ADV-2007-2372",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2372"
              },
              {
                "name": "34786",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/34786"
              },
              {
                "name": "eticket-open-xss(35121)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35121"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.netvigilance.com/advisory0031"
              },
              {
                "name": "24681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24681"
              },
              {
                "name": "25871",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25871"
              },
              {
                "name": "20070629 Re: eTicket version 1.5.5 XSS Attack Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/472514/100/0/threaded"
              },
              {
                "name": "20070707 eTicket version 1.5.5 XSS Attack Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/473095/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters.  NOTE: the vendor disputes the significance of the issue, stating that \"eTicket is not designed to work with register_globals On.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070627 eTicket version 1.5.5 XSS Attack Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/472434/100/0/threaded"
            },
            {
              "name": "20070627 eTicket version 1.5.5 XSS Attack Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://marc.info/?l=full-disclosure\u0026m=118297864900677\u0026w=2"
            },
            {
              "name": "ADV-2007-2372",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2372"
            },
            {
              "name": "34786",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/34786"
            },
            {
              "name": "eticket-open-xss(35121)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35121"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.netvigilance.com/advisory0031"
            },
            {
              "name": "24681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24681"
            },
            {
              "name": "25871",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25871"
            },
            {
              "name": "20070629 Re: eTicket version 1.5.5 XSS Attack Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/472514/100/0/threaded"
            },
            {
              "name": "20070707 eTicket version 1.5.5 XSS Attack Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/473095/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2801",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters.  NOTE: the vendor disputes the significance of the issue, stating that \"eTicket is not designed to work with register_globals On.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070627 eTicket version 1.5.5 XSS Attack Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/472434/100/0/threaded"
                },
                {
                  "name": "20070627 eTicket version 1.5.5 XSS Attack Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://marc.info/?l=full-disclosure\u0026m=118297864900677\u0026w=2"
                },
                {
                  "name": "ADV-2007-2372",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2372"
                },
                {
                  "name": "34786",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/34786"
                },
                {
                  "name": "eticket-open-xss(35121)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35121"
                },
                {
                  "name": "http://www.netvigilance.com/advisory0031",
                  "refsource": "MISC",
                  "url": "http://www.netvigilance.com/advisory0031"
                },
                {
                  "name": "24681",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24681"
                },
                {
                  "name": "25871",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25871"
                },
                {
                  "name": "20070629 Re: eTicket version 1.5.5 XSS Attack Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/472514/100/0/threaded"
                },
                {
                  "name": "20070707 eTicket version 1.5.5 XSS Attack Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/473095/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2801",
        "datePublished": "2007-06-30T01:00:00.000Z",
        "dateReserved": "2007-05-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:49:57.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2800 (GCVE-0-2007-2800)

    Vulnerability from nvd – Published: 2007-06-28 18:00 – Updated: 2024-08-07 13:49
    VLAI
    Summary
    index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.netvigilance.com/advisory0030 x_refsource_MISC
    http://marc.info/?l=full-disclosure&m=11829785022… mailing-listx_refsource_FULLDISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/472431/100… mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/34785 vdb-entryx_refsource_OSVDB
    Date Public
    2007-06-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:49:57.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.netvigilance.com/advisory0030"
              },
              {
                "name": "20070627 eTicket version 1.5.5 Path Disclosure",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=full-disclosure\u0026m=118297850220633\u0026w=2"
              },
              {
                "name": "eticket-index-path-disclosure(35122)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35122"
              },
              {
                "name": "20070627 eTicket version 1.5.5 Path Disclosure Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/472431/100/0/threaded"
              },
              {
                "name": "34785",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/34785"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.netvigilance.com/advisory0030"
            },
            {
              "name": "20070627 eTicket version 1.5.5 Path Disclosure",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://marc.info/?l=full-disclosure\u0026m=118297850220633\u0026w=2"
            },
            {
              "name": "eticket-index-path-disclosure(35122)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35122"
            },
            {
              "name": "20070627 eTicket version 1.5.5 Path Disclosure Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/472431/100/0/threaded"
            },
            {
              "name": "34785",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/34785"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2800",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.netvigilance.com/advisory0030",
                  "refsource": "MISC",
                  "url": "http://www.netvigilance.com/advisory0030"
                },
                {
                  "name": "20070627 eTicket version 1.5.5 Path Disclosure",
                  "refsource": "FULLDISC",
                  "url": "http://marc.info/?l=full-disclosure\u0026m=118297850220633\u0026w=2"
                },
                {
                  "name": "eticket-index-path-disclosure(35122)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35122"
                },
                {
                  "name": "20070627 eTicket version 1.5.5 Path Disclosure Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/472431/100/0/threaded"
                },
                {
                  "name": "34785",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/34785"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2800",
        "datePublished": "2007-06-28T18:00:00.000Z",
        "dateReserved": "2007-05-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:49:57.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-5165 (GCVE-0-2008-5165)

    Vulnerability from cvelistv5 – Published: 2008-11-19 18:00 – Updated: 2024-08-07 10:40
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-06-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:40:17.181Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.digitrustgroup.com/advisories/web-application-security-eticket2.html"
              },
              {
                "name": "30877",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30877"
              },
              {
                "name": "eticket-pri-sql-injection(43398)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43398"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.eticketsupport.com/announcements/170_is_in_the_building-t91.0.html"
              },
              {
                "name": "1020379",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020379"
              },
              {
                "name": "29973",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29973"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.digitrustgroup.com/advisories/web-application-security-eticket2.html"
            },
            {
              "name": "30877",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30877"
            },
            {
              "name": "eticket-pri-sql-injection(43398)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43398"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.eticketsupport.com/announcements/170_is_in_the_building-t91.0.html"
            },
            {
              "name": "1020379",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020379"
            },
            {
              "name": "29973",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29973"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-5165",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.digitrustgroup.com/advisories/web-application-security-eticket2.html",
                  "refsource": "MISC",
                  "url": "http://www.digitrustgroup.com/advisories/web-application-security-eticket2.html"
                },
                {
                  "name": "30877",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30877"
                },
                {
                  "name": "eticket-pri-sql-injection(43398)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43398"
                },
                {
                  "name": "http://www.eticketsupport.com/announcements/170_is_in_the_building-t91.0.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.eticketsupport.com/announcements/170_is_in_the_building-t91.0.html"
                },
                {
                  "name": "1020379",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020379"
                },
                {
                  "name": "29973",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29973"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-5165",
        "datePublished": "2008-11-19T18:00:00.000Z",
        "dateReserved": "2008-11-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:40:17.181Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0552 (GCVE-0-2008-0552)

    Vulnerability from cvelistv5 – Published: 2008-02-01 19:41 – Updated: 2024-08-07 07:46
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-01-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:46:54.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "eticket-index-xss(39968)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39968"
              },
              {
                "name": "27473",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27473"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt"
              },
              {
                "name": "1019278",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019278"
              },
              {
                "name": "20080127 eTicket \u0027index.php\u0027 Cross Site Scripting Path Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487133/100/0/threaded"
              },
              {
                "name": "3601",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3601"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "eticket-index-xss(39968)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39968"
            },
            {
              "name": "27473",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27473"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt"
            },
            {
              "name": "1019278",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019278"
            },
            {
              "name": "20080127 eTicket \u0027index.php\u0027 Cross Site Scripting Path Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487133/100/0/threaded"
            },
            {
              "name": "3601",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3601"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0552",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "eticket-index-xss(39968)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39968"
                },
                {
                  "name": "27473",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27473"
                },
                {
                  "name": "http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt",
                  "refsource": "MISC",
                  "url": "http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt"
                },
                {
                  "name": "1019278",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019278"
                },
                {
                  "name": "20080127 eTicket \u0027index.php\u0027 Cross Site Scripting Path Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487133/100/0/threaded"
                },
                {
                  "name": "3601",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3601"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0552",
        "datePublished": "2008-02-01T19:41:00.000Z",
        "dateReserved": "2008-02-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:46:54.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0268 (GCVE-0-2008-0268)

    Vulnerability from cvelistv5 – Published: 2008-01-15 19:00 – Updated: 2024-08-07 07:39
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/485835/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/28331 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/27173 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/3542 third-party-advisoryx_refsource_SREASON
    Date Public
    2008-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:39:34.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
              },
              {
                "name": "eticket-view-xss(39488)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39488"
              },
              {
                "name": "28331",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28331"
              },
              {
                "name": "27173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27173"
              },
              {
                "name": "3542",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3542"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
            },
            {
              "name": "eticket-view-xss(39488)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39488"
            },
            {
              "name": "28331",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28331"
            },
            {
              "name": "27173",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27173"
            },
            {
              "name": "3542",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3542"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0268",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
                },
                {
                  "name": "eticket-view-xss(39488)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39488"
                },
                {
                  "name": "28331",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28331"
                },
                {
                  "name": "27173",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27173"
                },
                {
                  "name": "3542",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3542"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0268",
        "datePublished": "2008-01-15T19:00:00.000Z",
        "dateReserved": "2008-01-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:39:34.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0266 (GCVE-0-2008-0266)

    Vulnerability from cvelistv5 – Published: 2008-01-15 19:00 – Updated: 2024-08-07 07:39
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/485835/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/28331 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/27173 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/3542 third-party-advisoryx_refsource_SREASON
    Date Public
    2008-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:39:34.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
              },
              {
                "name": "eticket-admin-csrf(39490)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39490"
              },
              {
                "name": "28331",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28331"
              },
              {
                "name": "27173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27173"
              },
              {
                "name": "3542",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3542"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks.  NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
            },
            {
              "name": "eticket-admin-csrf(39490)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39490"
            },
            {
              "name": "28331",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28331"
            },
            {
              "name": "27173",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27173"
            },
            {
              "name": "3542",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3542"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0266",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks.  NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
                },
                {
                  "name": "eticket-admin-csrf(39490)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39490"
                },
                {
                  "name": "28331",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28331"
                },
                {
                  "name": "27173",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27173"
                },
                {
                  "name": "3542",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3542"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0266",
        "datePublished": "2008-01-15T19:00:00.000Z",
        "dateReserved": "2008-01-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:39:34.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0267 (GCVE-0-2008-0267)

    Vulnerability from cvelistv5 – Published: 2008-01-15 19:00 – Updated: 2024-08-07 07:39
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/485835/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/28331 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/27173 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/3542 third-party-advisoryx_refsource_SREASON
    Date Public
    2008-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:39:34.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "eticket-admin-sql-injection(39487)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39487"
              },
              {
                "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
              },
              {
                "name": "eticket-search-sql-injection(39489)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39489"
              },
              {
                "name": "28331",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28331"
              },
              {
                "name": "27173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27173"
              },
              {
                "name": "3542",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3542"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "eticket-admin-sql-injection(39487)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39487"
            },
            {
              "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
            },
            {
              "name": "eticket-search-sql-injection(39489)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39489"
            },
            {
              "name": "28331",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28331"
            },
            {
              "name": "27173",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27173"
            },
            {
              "name": "3542",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3542"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0267",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "eticket-admin-sql-injection(39487)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39487"
                },
                {
                  "name": "20080106 eTicket 1.5.5.2 Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485835/100/0/threaded"
                },
                {
                  "name": "eticket-search-sql-injection(39489)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39489"
                },
                {
                  "name": "28331",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28331"
                },
                {
                  "name": "27173",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27173"
                },
                {
                  "name": "3542",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3542"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0267",
        "datePublished": "2008-01-15T19:00:00.000Z",
        "dateReserved": "2008-01-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:39:34.194Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0093 (GCVE-0-2008-0093)

    Vulnerability from cvelistv5 – Published: 2008-01-08 01:00 – Updated: 2024-08-07 07:32
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/27130 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.digitrustgroup.com/advisories/web-appl… x_refsource_MISC
    http://secunia.com/advisories/28331 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-01-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:32:23.849Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27130",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27130"
              },
              {
                "name": "eticket-name-subject-xss(39400)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39400"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.digitrustgroup.com/advisories/web-application-security-eticket.html"
              },
              {
                "name": "28331",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28331"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27130",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27130"
            },
            {
              "name": "eticket-name-subject-xss(39400)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39400"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.digitrustgroup.com/advisories/web-application-security-eticket.html"
            },
            {
              "name": "28331",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28331"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0093",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27130",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27130"
                },
                {
                  "name": "eticket-name-subject-xss(39400)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39400"
                },
                {
                  "name": "http://www.digitrustgroup.com/advisories/web-application-security-eticket.html",
                  "refsource": "MISC",
                  "url": "http://www.digitrustgroup.com/advisories/web-application-security-eticket.html"
                },
                {
                  "name": "28331",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28331"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0093",
        "datePublished": "2008-01-08T01:00:00.000Z",
        "dateReserved": "2008-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:32:23.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2801 (GCVE-0-2007-2801)

    Vulnerability from cvelistv5 – Published: 2007-06-30 01:00 – Updated: 2024-08-07 13:49
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters. NOTE: the vendor disputes the significance of the issue, stating that "eTicket is not designed to work with register_globals On."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/472434/100… mailing-listx_refsource_BUGTRAQ
    http://marc.info/?l=full-disclosure&m=11829786490… mailing-listx_refsource_FULLDISC
    http://www.vupen.com/english/advisories/2007/2372 vdb-entryx_refsource_VUPEN
    http://www.osvdb.org/34786 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.netvigilance.com/advisory0031 x_refsource_MISC
    http://www.securityfocus.com/bid/24681 vdb-entryx_refsource_BID
    http://secunia.com/advisories/25871 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/472514/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/473095/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-06-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:49:57.471Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070627 eTicket version 1.5.5 XSS Attack Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/472434/100/0/threaded"
              },
              {
                "name": "20070627 eTicket version 1.5.5 XSS Attack Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=full-disclosure\u0026m=118297864900677\u0026w=2"
              },
              {
                "name": "ADV-2007-2372",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2372"
              },
              {
                "name": "34786",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/34786"
              },
              {
                "name": "eticket-open-xss(35121)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35121"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.netvigilance.com/advisory0031"
              },
              {
                "name": "24681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24681"
              },
              {
                "name": "25871",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25871"
              },
              {
                "name": "20070629 Re: eTicket version 1.5.5 XSS Attack Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/472514/100/0/threaded"
              },
              {
                "name": "20070707 eTicket version 1.5.5 XSS Attack Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/473095/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters.  NOTE: the vendor disputes the significance of the issue, stating that \"eTicket is not designed to work with register_globals On.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070627 eTicket version 1.5.5 XSS Attack Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/472434/100/0/threaded"
            },
            {
              "name": "20070627 eTicket version 1.5.5 XSS Attack Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://marc.info/?l=full-disclosure\u0026m=118297864900677\u0026w=2"
            },
            {
              "name": "ADV-2007-2372",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2372"
            },
            {
              "name": "34786",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/34786"
            },
            {
              "name": "eticket-open-xss(35121)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35121"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.netvigilance.com/advisory0031"
            },
            {
              "name": "24681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24681"
            },
            {
              "name": "25871",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25871"
            },
            {
              "name": "20070629 Re: eTicket version 1.5.5 XSS Attack Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/472514/100/0/threaded"
            },
            {
              "name": "20070707 eTicket version 1.5.5 XSS Attack Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/473095/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2801",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters.  NOTE: the vendor disputes the significance of the issue, stating that \"eTicket is not designed to work with register_globals On.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070627 eTicket version 1.5.5 XSS Attack Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/472434/100/0/threaded"
                },
                {
                  "name": "20070627 eTicket version 1.5.5 XSS Attack Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://marc.info/?l=full-disclosure\u0026m=118297864900677\u0026w=2"
                },
                {
                  "name": "ADV-2007-2372",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2372"
                },
                {
                  "name": "34786",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/34786"
                },
                {
                  "name": "eticket-open-xss(35121)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35121"
                },
                {
                  "name": "http://www.netvigilance.com/advisory0031",
                  "refsource": "MISC",
                  "url": "http://www.netvigilance.com/advisory0031"
                },
                {
                  "name": "24681",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24681"
                },
                {
                  "name": "25871",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25871"
                },
                {
                  "name": "20070629 Re: eTicket version 1.5.5 XSS Attack Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/472514/100/0/threaded"
                },
                {
                  "name": "20070707 eTicket version 1.5.5 XSS Attack Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/473095/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2801",
        "datePublished": "2007-06-30T01:00:00.000Z",
        "dateReserved": "2007-05-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:49:57.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2800 (GCVE-0-2007-2800)

    Vulnerability from cvelistv5 – Published: 2007-06-28 18:00 – Updated: 2024-08-07 13:49
    VLAI
    Summary
    index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.netvigilance.com/advisory0030 x_refsource_MISC
    http://marc.info/?l=full-disclosure&m=11829785022… mailing-listx_refsource_FULLDISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/472431/100… mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/34785 vdb-entryx_refsource_OSVDB
    Date Public
    2007-06-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:49:57.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.netvigilance.com/advisory0030"
              },
              {
                "name": "20070627 eTicket version 1.5.5 Path Disclosure",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=full-disclosure\u0026m=118297850220633\u0026w=2"
              },
              {
                "name": "eticket-index-path-disclosure(35122)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35122"
              },
              {
                "name": "20070627 eTicket version 1.5.5 Path Disclosure Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/472431/100/0/threaded"
              },
              {
                "name": "34785",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/34785"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.netvigilance.com/advisory0030"
            },
            {
              "name": "20070627 eTicket version 1.5.5 Path Disclosure",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://marc.info/?l=full-disclosure\u0026m=118297850220633\u0026w=2"
            },
            {
              "name": "eticket-index-path-disclosure(35122)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35122"
            },
            {
              "name": "20070627 eTicket version 1.5.5 Path Disclosure Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/472431/100/0/threaded"
            },
            {
              "name": "34785",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/34785"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2800",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.netvigilance.com/advisory0030",
                  "refsource": "MISC",
                  "url": "http://www.netvigilance.com/advisory0030"
                },
                {
                  "name": "20070627 eTicket version 1.5.5 Path Disclosure",
                  "refsource": "FULLDISC",
                  "url": "http://marc.info/?l=full-disclosure\u0026m=118297850220633\u0026w=2"
                },
                {
                  "name": "eticket-index-path-disclosure(35122)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35122"
                },
                {
                  "name": "20070627 eTicket version 1.5.5 Path Disclosure Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/472431/100/0/threaded"
                },
                {
                  "name": "34785",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/34785"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2800",
        "datePublished": "2007-06-28T18:00:00.000Z",
        "dateReserved": "2007-05-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:49:57.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }