Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities by olate
CVE-2007-4541 (GCVE-0-2007-4541)
Vulnerability from nvd – Published: 2007-08-27 21:00 – Updated: 2024-08-07 15:01
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/25412 | vdb-entryx_refsource_BID |
| http://osvdb.org/39711 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/477337/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/39710 | vdb-entryx_refsource_OSVDB |
| http://myimei.com/security/2007-08-22/olate-downl… | x_refsource_MISC |
| http://secunia.com/advisories/26565 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/3076 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/477338/100… | mailing-listx_refsource_BUGTRAQ |
| http://myimei.com/security/2007-08-22/olate-downl… | x_refsource_MISC |
Date Public
2007-08-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "olatedownload-fldm-xss(36197)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36197"
},
{
"name": "25412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25412"
},
{
"name": "39711",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39711"
},
{
"name": "20070822 Olate Download 3.4.2~modules/core/uim.php~XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477337/100/0/threaded"
},
{
"name": "39710",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39710"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2007-08-22/olate-download-342modulescoreuimphpxss.html"
},
{
"name": "26565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26565"
},
{
"name": "3076",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3076"
},
{
"name": "olatedownload-files-xss(36196)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36196"
},
{
"name": "20070822 Olate Download 3.4.2~modules/core/fldm.php~comments tag [url] XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477338/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2007-08-22/olate-download-342modulescorefldmphpcomments-tag-url-xss.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "olatedownload-fldm-xss(36197)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36197"
},
{
"name": "25412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25412"
},
{
"name": "39711",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39711"
},
{
"name": "20070822 Olate Download 3.4.2~modules/core/uim.php~XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477337/100/0/threaded"
},
{
"name": "39710",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39710"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2007-08-22/olate-download-342modulescoreuimphpxss.html"
},
{
"name": "26565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26565"
},
{
"name": "3076",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3076"
},
{
"name": "olatedownload-files-xss(36196)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36196"
},
{
"name": "20070822 Olate Download 3.4.2~modules/core/fldm.php~comments tag [url] XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477338/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2007-08-22/olate-download-342modulescorefldmphpcomments-tag-url-xss.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "olatedownload-fldm-xss(36197)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36197"
},
{
"name": "25412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25412"
},
{
"name": "39711",
"refsource": "OSVDB",
"url": "http://osvdb.org/39711"
},
{
"name": "20070822 Olate Download 3.4.2~modules/core/uim.php~XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477337/100/0/threaded"
},
{
"name": "39710",
"refsource": "OSVDB",
"url": "http://osvdb.org/39710"
},
{
"name": "http://myimei.com/security/2007-08-22/olate-download-342modulescoreuimphpxss.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2007-08-22/olate-download-342modulescoreuimphpxss.html"
},
{
"name": "26565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26565"
},
{
"name": "3076",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3076"
},
{
"name": "olatedownload-files-xss(36196)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36196"
},
{
"name": "20070822 Olate Download 3.4.2~modules/core/fldm.php~comments tag [url] XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477338/100/0/threaded"
},
{
"name": "http://myimei.com/security/2007-08-22/olate-download-342modulescorefldmphpcomments-tag-url-xss.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2007-08-22/olate-download-342modulescorefldmphpcomments-tag-url-xss.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4541",
"datePublished": "2007-08-27T21:00:00.000Z",
"dateReserved": "2007-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4540 (GCVE-0-2007-4540)
Vulnerability from nvd – Published: 2007-08-27 21:00 – Updated: 2024-08-07 15:01
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/477340/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/25410 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/3062 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/38581 | vdb-entryx_refsource_OSVDB |
| http://myimei.com/security/2007-08-22/olate-downl… | x_refsource_MISC |
Date Public
2007-08-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070822 Olate Download 3.4.2~download.php ~ sql injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477340/100/0/threaded"
},
{
"name": "25410",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25410"
},
{
"name": "olatedownload-download-sql-injection(36214)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36214"
},
{
"name": "3062",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3062"
},
{
"name": "38581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38581"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2007-08-22/olate-download-342downloadphp-sql-injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070822 Olate Download 3.4.2~download.php ~ sql injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477340/100/0/threaded"
},
{
"name": "25410",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25410"
},
{
"name": "olatedownload-download-sql-injection(36214)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36214"
},
{
"name": "3062",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3062"
},
{
"name": "38581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38581"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2007-08-22/olate-download-342downloadphp-sql-injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070822 Olate Download 3.4.2~download.php ~ sql injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477340/100/0/threaded"
},
{
"name": "25410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25410"
},
{
"name": "olatedownload-download-sql-injection(36214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36214"
},
{
"name": "3062",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3062"
},
{
"name": "38581",
"refsource": "OSVDB",
"url": "http://osvdb.org/38581"
},
{
"name": "http://myimei.com/security/2007-08-22/olate-download-342downloadphp-sql-injection.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2007-08-22/olate-download-342downloadphp-sql-injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4540",
"datePublished": "2007-08-27T21:00:00.000Z",
"dateReserved": "2007-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4454 (GCVE-0-2007-4454)
Vulnerability from nvd – Published: 2007-08-21 18:00 – Updated: 2024-08-07 14:53
VLAI
EPSS
VEX
Summary
Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3038 | third-party-advisoryx_refsource_SREASON |
| http://myimei.com/security/2007-08-17/olate-downl… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/25356 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/476925/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/477223/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:56.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3038",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3038"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html"
},
{
"name": "olate-environment-code-execution(36087)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36087"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"name": "25356",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25356"
},
{
"name": "20070817 Olate Download 3.4.1~environment.php.php~Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476925/100/0/threaded"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3038",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3038"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html"
},
{
"name": "olate-environment-code-execution(36087)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36087"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"name": "25356",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25356"
},
{
"name": "20070817 Olate Download 3.4.1~environment.php.php~Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476925/100/0/threaded"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3038",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3038"
},
{
"name": "http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html"
},
{
"name": "olate-environment-code-execution(36087)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36087"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"name": "25356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25356"
},
{
"name": "20070817 Olate Download 3.4.1~environment.php.php~Code Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476925/100/0/threaded"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4454",
"datePublished": "2007-08-21T18:00:00.000Z",
"dateReserved": "2007-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:56.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4421 (GCVE-0-2007-4421)
Vulnerability from nvd – Published: 2007-08-18 21:00 – Updated: 2024-08-07 14:53
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/25384 | vdb-entryx_refsource_BID |
| http://sourceforge.net/forum/forum.php?forum_id=727807 | x_refsource_CONFIRM |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://secunia.com/advisories/26533 | third-party-advisoryx_refsource_SECUNIA |
| http://myimei.com/security/2007-08-16/olate-downl… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/477223/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/39712 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/476760/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3028 | third-party-advisoryx_refsource_SREASON |
Date Public
2007-08-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"name": "25384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25384"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=727807"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052"
},
{
"name": "26533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26533"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html"
},
{
"name": "olatedownload-cookie-sql-injection(36089)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36089"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
},
{
"name": "39712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39712"
},
{
"name": "20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476760/100/0/threaded"
},
{
"name": "3028",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"name": "25384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25384"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=727807"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052"
},
{
"name": "26533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26533"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html"
},
{
"name": "olatedownload-cookie-sql-injection(36089)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36089"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
},
{
"name": "39712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39712"
},
{
"name": "20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476760/100/0/threaded"
},
{
"name": "3028",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3028"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"name": "25384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25384"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=727807",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=727807"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052"
},
{
"name": "26533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26533"
},
{
"name": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html"
},
{
"name": "olatedownload-cookie-sql-injection(36089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36089"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
},
{
"name": "39712",
"refsource": "OSVDB",
"url": "http://osvdb.org/39712"
},
{
"name": "20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476760/100/0/threaded"
},
{
"name": "3028",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3028"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4421",
"datePublished": "2007-08-18T21:00:00.000Z",
"dateReserved": "2007-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:55.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4419 (GCVE-0-2007-4419)
Vulnerability from nvd – Published: 2007-08-18 21:00 – Updated: 2024-08-07 14:53
VLAI
EPSS
VEX
Summary
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_CONFIRM |
| http://sourceforge.net/forum/forum.php?forum_id=727807 | x_refsource_CONFIRM |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://secunia.com/advisories/26533 | third-party-advisoryx_refsource_SECUNIA |
| http://myimei.com/security/2007-08-16/olate-downl… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/25343 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/477223/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/476760/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3028 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/39714 | vdb-entryx_refsource_OSVDB |
Date Public
2007-08-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:56.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=727807"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052"
},
{
"name": "26533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26533"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html"
},
{
"name": "olatedownload-admin-security-bypass(36088)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36088"
},
{
"name": "25343",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25343"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
},
{
"name": "20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476760/100/0/threaded"
},
{
"name": "3028",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3028"
},
{
"name": "39714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=727807"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052"
},
{
"name": "26533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26533"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html"
},
{
"name": "olatedownload-admin-security-bypass(36088)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36088"
},
{
"name": "25343",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25343"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
},
{
"name": "20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476760/100/0/threaded"
},
{
"name": "3028",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3028"
},
{
"name": "39714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39714"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=727807",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=727807"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052"
},
{
"name": "26533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26533"
},
{
"name": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html"
},
{
"name": "olatedownload-admin-security-bypass(36088)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36088"
},
{
"name": "25343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25343"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
},
{
"name": "20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476760/100/0/threaded"
},
{
"name": "3028",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3028"
},
{
"name": "39714",
"refsource": "OSVDB",
"url": "http://osvdb.org/39714"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4419",
"datePublished": "2007-08-18T21:00:00.000Z",
"dateReserved": "2007-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:56.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5144 (GCVE-0-2006-5144)
Vulnerability from nvd – Published: 2006-10-02 23:00 – Updated: 2024-08-07 19:41
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/1680 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/447424/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/20278 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/22241 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1680",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1680"
},
{
"name": "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447424/100/0/threaded"
},
{
"name": "olate-download-userupload-xss(29292)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29292"
},
{
"name": "20278",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20278"
},
{
"name": "22241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1680",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1680"
},
{
"name": "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447424/100/0/threaded"
},
{
"name": "olate-download-userupload-xss(29292)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29292"
},
{
"name": "20278",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20278"
},
{
"name": "22241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1680",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1680"
},
{
"name": "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447424/100/0/threaded"
},
{
"name": "olate-download-userupload-xss(29292)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29292"
},
{
"name": "20278",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20278"
},
{
"name": "22241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5144",
"datePublished": "2006-10-02T23:00:00.000Z",
"dateReserved": "2006-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:04.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5145 (GCVE-0-2006-5145)
Vulnerability from nvd – Published: 2006-10-02 23:00 – Updated: 2024-08-07 19:41
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/1680 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/447424/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/20278 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/22241 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1680",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1680"
},
{
"name": "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447424/100/0/threaded"
},
{
"name": "olate-download-detailes-search-sql-injection(29294)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29294"
},
{
"name": "20278",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20278"
},
{
"name": "22241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1680",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1680"
},
{
"name": "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447424/100/0/threaded"
},
{
"name": "olate-download-detailes-search-sql-injection(29294)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29294"
},
{
"name": "20278",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20278"
},
{
"name": "22241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1680",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1680"
},
{
"name": "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447424/100/0/threaded"
},
{
"name": "olate-download-detailes-search-sql-injection(29294)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29294"
},
{
"name": "20278",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20278"
},
{
"name": "22241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5145",
"datePublished": "2006-10-02T23:00:00.000Z",
"dateReserved": "2006-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:04.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3342 (GCVE-0-2006-3342)
Vulnerability from nvd – Published: 2006-07-03 18:00 – Updated: 2024-08-07 18:23
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/2436 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/26668 | vdb-entryx_refsource_OSVDB |
| http://pridels0.blogspot.com/2006/06/arctic-xss.html | x_refsource_MISC |
| http://secunia.com/advisories/20663 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/18536 | vdb-entryx_refsource_BID |
| http://www.olate.co.uk/forums/index.php?showtopic=1698 | x_refsource_CONFIRM |
Date Public
2006-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-2436",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2436"
},
{
"name": "arctic-search-xss(27285)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27285"
},
{
"name": "26668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26668"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2006/06/arctic-xss.html"
},
{
"name": "20663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20663"
},
{
"name": "18536",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18536"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.olate.co.uk/forums/index.php?showtopic=1698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-2436",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2436"
},
{
"name": "arctic-search-xss(27285)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27285"
},
{
"name": "26668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26668"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2006/06/arctic-xss.html"
},
{
"name": "20663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20663"
},
{
"name": "18536",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18536"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.olate.co.uk/forums/index.php?showtopic=1698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2436",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2436"
},
{
"name": "arctic-search-xss(27285)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27285"
},
{
"name": "26668",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26668"
},
{
"name": "http://pridels0.blogspot.com/2006/06/arctic-xss.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/arctic-xss.html"
},
{
"name": "20663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20663"
},
{
"name": "18536",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18536"
},
{
"name": "http://www.olate.co.uk/forums/index.php?showtopic=1698",
"refsource": "CONFIRM",
"url": "http://www.olate.co.uk/forums/index.php?showtopic=1698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3342",
"datePublished": "2006-07-03T18:00:00.000Z",
"dateReserved": "2006-07-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:23:21.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4541 (GCVE-0-2007-4541)
Vulnerability from cvelistv5 – Published: 2007-08-27 21:00 – Updated: 2024-08-07 15:01
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/25412 | vdb-entryx_refsource_BID |
| http://osvdb.org/39711 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/477337/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/39710 | vdb-entryx_refsource_OSVDB |
| http://myimei.com/security/2007-08-22/olate-downl… | x_refsource_MISC |
| http://secunia.com/advisories/26565 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/3076 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/477338/100… | mailing-listx_refsource_BUGTRAQ |
| http://myimei.com/security/2007-08-22/olate-downl… | x_refsource_MISC |
Date Public
2007-08-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "olatedownload-fldm-xss(36197)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36197"
},
{
"name": "25412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25412"
},
{
"name": "39711",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39711"
},
{
"name": "20070822 Olate Download 3.4.2~modules/core/uim.php~XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477337/100/0/threaded"
},
{
"name": "39710",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39710"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2007-08-22/olate-download-342modulescoreuimphpxss.html"
},
{
"name": "26565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26565"
},
{
"name": "3076",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3076"
},
{
"name": "olatedownload-files-xss(36196)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36196"
},
{
"name": "20070822 Olate Download 3.4.2~modules/core/fldm.php~comments tag [url] XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477338/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2007-08-22/olate-download-342modulescorefldmphpcomments-tag-url-xss.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "olatedownload-fldm-xss(36197)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36197"
},
{
"name": "25412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25412"
},
{
"name": "39711",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39711"
},
{
"name": "20070822 Olate Download 3.4.2~modules/core/uim.php~XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477337/100/0/threaded"
},
{
"name": "39710",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39710"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2007-08-22/olate-download-342modulescoreuimphpxss.html"
},
{
"name": "26565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26565"
},
{
"name": "3076",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3076"
},
{
"name": "olatedownload-files-xss(36196)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36196"
},
{
"name": "20070822 Olate Download 3.4.2~modules/core/fldm.php~comments tag [url] XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477338/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2007-08-22/olate-download-342modulescorefldmphpcomments-tag-url-xss.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "olatedownload-fldm-xss(36197)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36197"
},
{
"name": "25412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25412"
},
{
"name": "39711",
"refsource": "OSVDB",
"url": "http://osvdb.org/39711"
},
{
"name": "20070822 Olate Download 3.4.2~modules/core/uim.php~XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477337/100/0/threaded"
},
{
"name": "39710",
"refsource": "OSVDB",
"url": "http://osvdb.org/39710"
},
{
"name": "http://myimei.com/security/2007-08-22/olate-download-342modulescoreuimphpxss.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2007-08-22/olate-download-342modulescoreuimphpxss.html"
},
{
"name": "26565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26565"
},
{
"name": "3076",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3076"
},
{
"name": "olatedownload-files-xss(36196)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36196"
},
{
"name": "20070822 Olate Download 3.4.2~modules/core/fldm.php~comments tag [url] XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477338/100/0/threaded"
},
{
"name": "http://myimei.com/security/2007-08-22/olate-download-342modulescorefldmphpcomments-tag-url-xss.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2007-08-22/olate-download-342modulescorefldmphpcomments-tag-url-xss.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4541",
"datePublished": "2007-08-27T21:00:00.000Z",
"dateReserved": "2007-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4540 (GCVE-0-2007-4540)
Vulnerability from cvelistv5 – Published: 2007-08-27 21:00 – Updated: 2024-08-07 15:01
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/477340/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/25410 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/3062 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/38581 | vdb-entryx_refsource_OSVDB |
| http://myimei.com/security/2007-08-22/olate-downl… | x_refsource_MISC |
Date Public
2007-08-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070822 Olate Download 3.4.2~download.php ~ sql injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477340/100/0/threaded"
},
{
"name": "25410",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25410"
},
{
"name": "olatedownload-download-sql-injection(36214)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36214"
},
{
"name": "3062",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3062"
},
{
"name": "38581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38581"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2007-08-22/olate-download-342downloadphp-sql-injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070822 Olate Download 3.4.2~download.php ~ sql injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477340/100/0/threaded"
},
{
"name": "25410",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25410"
},
{
"name": "olatedownload-download-sql-injection(36214)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36214"
},
{
"name": "3062",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3062"
},
{
"name": "38581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38581"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2007-08-22/olate-download-342downloadphp-sql-injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070822 Olate Download 3.4.2~download.php ~ sql injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477340/100/0/threaded"
},
{
"name": "25410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25410"
},
{
"name": "olatedownload-download-sql-injection(36214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36214"
},
{
"name": "3062",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3062"
},
{
"name": "38581",
"refsource": "OSVDB",
"url": "http://osvdb.org/38581"
},
{
"name": "http://myimei.com/security/2007-08-22/olate-download-342downloadphp-sql-injection.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2007-08-22/olate-download-342downloadphp-sql-injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4540",
"datePublished": "2007-08-27T21:00:00.000Z",
"dateReserved": "2007-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4454 (GCVE-0-2007-4454)
Vulnerability from cvelistv5 – Published: 2007-08-21 18:00 – Updated: 2024-08-07 14:53
VLAI
EPSS
VEX
Summary
Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3038 | third-party-advisoryx_refsource_SREASON |
| http://myimei.com/security/2007-08-17/olate-downl… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/25356 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/476925/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/477223/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:56.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3038",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3038"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html"
},
{
"name": "olate-environment-code-execution(36087)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36087"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"name": "25356",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25356"
},
{
"name": "20070817 Olate Download 3.4.1~environment.php.php~Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476925/100/0/threaded"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3038",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3038"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html"
},
{
"name": "olate-environment-code-execution(36087)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36087"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"name": "25356",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25356"
},
{
"name": "20070817 Olate Download 3.4.1~environment.php.php~Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476925/100/0/threaded"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3038",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3038"
},
{
"name": "http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html"
},
{
"name": "olate-environment-code-execution(36087)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36087"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"name": "25356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25356"
},
{
"name": "20070817 Olate Download 3.4.1~environment.php.php~Code Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476925/100/0/threaded"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4454",
"datePublished": "2007-08-21T18:00:00.000Z",
"dateReserved": "2007-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:56.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4421 (GCVE-0-2007-4421)
Vulnerability from cvelistv5 – Published: 2007-08-18 21:00 – Updated: 2024-08-07 14:53
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/25384 | vdb-entryx_refsource_BID |
| http://sourceforge.net/forum/forum.php?forum_id=727807 | x_refsource_CONFIRM |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://secunia.com/advisories/26533 | third-party-advisoryx_refsource_SECUNIA |
| http://myimei.com/security/2007-08-16/olate-downl… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/477223/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/39712 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/476760/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3028 | third-party-advisoryx_refsource_SREASON |
Date Public
2007-08-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"name": "25384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25384"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=727807"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052"
},
{
"name": "26533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26533"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html"
},
{
"name": "olatedownload-cookie-sql-injection(36089)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36089"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
},
{
"name": "39712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39712"
},
{
"name": "20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476760/100/0/threaded"
},
{
"name": "3028",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"name": "25384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25384"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=727807"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052"
},
{
"name": "26533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26533"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html"
},
{
"name": "olatedownload-cookie-sql-injection(36089)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36089"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
},
{
"name": "39712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39712"
},
{
"name": "20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476760/100/0/threaded"
},
{
"name": "3028",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3028"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"name": "25384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25384"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=727807",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=727807"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052"
},
{
"name": "26533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26533"
},
{
"name": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html"
},
{
"name": "olatedownload-cookie-sql-injection(36089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36089"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
},
{
"name": "39712",
"refsource": "OSVDB",
"url": "http://osvdb.org/39712"
},
{
"name": "20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476760/100/0/threaded"
},
{
"name": "3028",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3028"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4421",
"datePublished": "2007-08-18T21:00:00.000Z",
"dateReserved": "2007-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:55.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4419 (GCVE-0-2007-4419)
Vulnerability from cvelistv5 – Published: 2007-08-18 21:00 – Updated: 2024-08-07 14:53
VLAI
EPSS
VEX
Summary
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_CONFIRM |
| http://sourceforge.net/forum/forum.php?forum_id=727807 | x_refsource_CONFIRM |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://secunia.com/advisories/26533 | third-party-advisoryx_refsource_SECUNIA |
| http://myimei.com/security/2007-08-16/olate-downl… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/25343 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/477223/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/476760/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3028 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/39714 | vdb-entryx_refsource_OSVDB |
Date Public
2007-08-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:56.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=727807"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052"
},
{
"name": "26533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26533"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html"
},
{
"name": "olatedownload-admin-security-bypass(36088)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36088"
},
{
"name": "25343",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25343"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
},
{
"name": "20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476760/100/0/threaded"
},
{
"name": "3028",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3028"
},
{
"name": "39714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=727807"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052"
},
{
"name": "26533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26533"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html"
},
{
"name": "olatedownload-admin-security-bypass(36088)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36088"
},
{
"name": "25343",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25343"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
},
{
"name": "20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476760/100/0/threaded"
},
{
"name": "3028",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3028"
},
{
"name": "39714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39714"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=188052\u0026release_id=533628"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=727807",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=727807"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=533628\u0026group_id=188052"
},
{
"name": "26533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26533"
},
{
"name": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html"
},
{
"name": "olatedownload-admin-security-bypass(36088)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36088"
},
{
"name": "25343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25343"
},
{
"name": "20070821 Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477223/100/0/threaded"
},
{
"name": "20070816 Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476760/100/0/threaded"
},
{
"name": "3028",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3028"
},
{
"name": "39714",
"refsource": "OSVDB",
"url": "http://osvdb.org/39714"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4419",
"datePublished": "2007-08-18T21:00:00.000Z",
"dateReserved": "2007-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:56.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5144 (GCVE-0-2006-5144)
Vulnerability from cvelistv5 – Published: 2006-10-02 23:00 – Updated: 2024-08-07 19:41
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/1680 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/447424/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/20278 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/22241 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1680",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1680"
},
{
"name": "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447424/100/0/threaded"
},
{
"name": "olate-download-userupload-xss(29292)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29292"
},
{
"name": "20278",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20278"
},
{
"name": "22241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1680",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1680"
},
{
"name": "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447424/100/0/threaded"
},
{
"name": "olate-download-userupload-xss(29292)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29292"
},
{
"name": "20278",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20278"
},
{
"name": "22241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1680",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1680"
},
{
"name": "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447424/100/0/threaded"
},
{
"name": "olate-download-userupload-xss(29292)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29292"
},
{
"name": "20278",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20278"
},
{
"name": "22241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5144",
"datePublished": "2006-10-02T23:00:00.000Z",
"dateReserved": "2006-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:04.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5145 (GCVE-0-2006-5145)
Vulnerability from cvelistv5 – Published: 2006-10-02 23:00 – Updated: 2024-08-07 19:41
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/1680 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/447424/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/20278 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/22241 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:04.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1680",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1680"
},
{
"name": "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447424/100/0/threaded"
},
{
"name": "olate-download-detailes-search-sql-injection(29294)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29294"
},
{
"name": "20278",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20278"
},
{
"name": "22241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1680",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1680"
},
{
"name": "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447424/100/0/threaded"
},
{
"name": "olate-download-detailes-search-sql-injection(29294)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29294"
},
{
"name": "20278",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20278"
},
{
"name": "22241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1680",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1680"
},
{
"name": "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447424/100/0/threaded"
},
{
"name": "olate-download-detailes-search-sql-injection(29294)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29294"
},
{
"name": "20278",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20278"
},
{
"name": "22241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5145",
"datePublished": "2006-10-02T23:00:00.000Z",
"dateReserved": "2006-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:04.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3342 (GCVE-0-2006-3342)
Vulnerability from cvelistv5 – Published: 2006-07-03 18:00 – Updated: 2024-08-07 18:23
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/2436 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/26668 | vdb-entryx_refsource_OSVDB |
| http://pridels0.blogspot.com/2006/06/arctic-xss.html | x_refsource_MISC |
| http://secunia.com/advisories/20663 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/18536 | vdb-entryx_refsource_BID |
| http://www.olate.co.uk/forums/index.php?showtopic=1698 | x_refsource_CONFIRM |
Date Public
2006-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-2436",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2436"
},
{
"name": "arctic-search-xss(27285)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27285"
},
{
"name": "26668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26668"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2006/06/arctic-xss.html"
},
{
"name": "20663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20663"
},
{
"name": "18536",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18536"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.olate.co.uk/forums/index.php?showtopic=1698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-2436",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2436"
},
{
"name": "arctic-search-xss(27285)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27285"
},
{
"name": "26668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26668"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2006/06/arctic-xss.html"
},
{
"name": "20663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20663"
},
{
"name": "18536",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18536"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.olate.co.uk/forums/index.php?showtopic=1698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2436",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2436"
},
{
"name": "arctic-search-xss(27285)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27285"
},
{
"name": "26668",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26668"
},
{
"name": "http://pridels0.blogspot.com/2006/06/arctic-xss.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/arctic-xss.html"
},
{
"name": "20663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20663"
},
{
"name": "18536",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18536"
},
{
"name": "http://www.olate.co.uk/forums/index.php?showtopic=1698",
"refsource": "CONFIRM",
"url": "http://www.olate.co.uk/forums/index.php?showtopic=1698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3342",
"datePublished": "2006-07-03T18:00:00.000Z",
"dateReserved": "2006-07-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:23:21.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}