Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities by w2b
CVE-2008-6920 (GCVE-0-2008-6920)
Vulnerability from cvelistv5 – Published: 2009-08-10 16:00 – Updated: 2024-08-07 11:49
VLAI?
Summary
Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2008-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:02.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpemployment-auth-file-upload(47592)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47592"
},
{
"name": "ADV-2008-3508",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3508"
},
{
"name": "33268",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33268"
},
{
"name": "33000",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33000"
},
{
"name": "50981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50981"
},
{
"name": "7563",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpemployment-auth-file-upload(47592)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47592"
},
{
"name": "ADV-2008-3508",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3508"
},
{
"name": "33268",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33268"
},
{
"name": "33000",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33000"
},
{
"name": "50981",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50981"
},
{
"name": "7563",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpemployment-auth-file-upload(47592)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47592"
},
{
"name": "ADV-2008-3508",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3508"
},
{
"name": "33268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33268"
},
{
"name": "33000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33000"
},
{
"name": "50981",
"refsource": "OSVDB",
"url": "http://osvdb.org/50981"
},
{
"name": "7563",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6920",
"datePublished": "2009-08-10T16:00:00.000Z",
"dateReserved": "2009-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:49:02.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6921 (GCVE-0-2008-6921)
Vulnerability from cvelistv5 – Published: 2009-08-10 16:00 – Updated: 2024-08-07 11:49
VLAI?
Summary
Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2008-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:02.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-3509",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3509"
},
{
"name": "phpadboard-index-file-upload(47593)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47593"
},
{
"name": "7562",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7562"
},
{
"name": "32998",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32998"
},
{
"name": "33300",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33300"
},
{
"name": "50996",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-3509",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3509"
},
{
"name": "phpadboard-index-file-upload(47593)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47593"
},
{
"name": "7562",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7562"
},
{
"name": "32998",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32998"
},
{
"name": "33300",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33300"
},
{
"name": "50996",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-3509",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3509"
},
{
"name": "phpadboard-index-file-upload(47593)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47593"
},
{
"name": "7562",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7562"
},
{
"name": "32998",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32998"
},
{
"name": "33300",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33300"
},
{
"name": "50996",
"refsource": "OSVDB",
"url": "http://osvdb.org/50996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6921",
"datePublished": "2009-08-10T16:00:00.000Z",
"dateReserved": "2009-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:49:02.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6848 (GCVE-0-2008-6848)
Vulnerability from cvelistv5 – Published: 2009-07-07 18:35 – Updated: 2024-08-07 11:42
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2008-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpgreetcards-index-xss(47590)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47590"
},
{
"name": "7561",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7561"
},
{
"name": "50989",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50989"
},
{
"name": "33001",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33001"
},
{
"name": "33304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33304"
},
{
"name": "ADV-2008-3510",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3510"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpgreetcards-index-xss(47590)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47590"
},
{
"name": "7561",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7561"
},
{
"name": "50989",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50989"
},
{
"name": "33001",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33001"
},
{
"name": "33304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33304"
},
{
"name": "ADV-2008-3510",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3510"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpgreetcards-index-xss(47590)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47590"
},
{
"name": "7561",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7561"
},
{
"name": "50989",
"refsource": "OSVDB",
"url": "http://osvdb.org/50989"
},
{
"name": "33001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33001"
},
{
"name": "33304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33304"
},
{
"name": "ADV-2008-3510",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3510"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6848",
"datePublished": "2009-07-07T18:35:00.000Z",
"dateReserved": "2009-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:42:00.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6849 (GCVE-0-2008-6849)
Vulnerability from cvelistv5 – Published: 2009-07-07 18:35 – Updated: 2024-08-07 11:42
VLAI?
Summary
Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/number_shell.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2008-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7561",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7561"
},
{
"name": "50988",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50988"
},
{
"name": "32995",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32995"
},
{
"name": "33304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33304"
},
{
"name": "ADV-2008-3510",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3510"
},
{
"name": "phpgreetcards-index-file-upload(47591)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47591"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/number_shell.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7561",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7561"
},
{
"name": "50988",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50988"
},
{
"name": "32995",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32995"
},
{
"name": "33304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33304"
},
{
"name": "ADV-2008-3510",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3510"
},
{
"name": "phpgreetcards-index-file-upload(47591)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47591"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/number_shell.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7561",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7561"
},
{
"name": "50988",
"refsource": "OSVDB",
"url": "http://osvdb.org/50988"
},
{
"name": "32995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32995"
},
{
"name": "33304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33304"
},
{
"name": "ADV-2008-3510",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3510"
},
{
"name": "phpgreetcards-index-file-upload(47591)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47591"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6849",
"datePublished": "2009-07-07T18:35:00.000Z",
"dateReserved": "2009-07-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:42:00.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2179 (GCVE-0-2009-2179)
Vulnerability from cvelistv5 – Published: 2009-06-23 21:21 – Updated: 2024-08-07 05:44
VLAI?
Summary
SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2009-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:54.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8990",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8990"
},
{
"name": "55315",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8990",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8990"
},
{
"name": "55315",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8990",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8990"
},
{
"name": "55315",
"refsource": "OSVDB",
"url": "http://osvdb.org/55315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2179",
"datePublished": "2009-06-23T21:21:00.000Z",
"dateReserved": "2009-06-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:54.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2178 (GCVE-0-2009-2178)
Vulnerability from cvelistv5 – Published: 2009-06-23 21:21 – Updated: 2024-08-07 05:44
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2009-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55316",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55316"
},
{
"name": "8990",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8990"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "55316",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55316"
},
{
"name": "8990",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8990"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55316",
"refsource": "OSVDB",
"url": "http://osvdb.org/55316"
},
{
"name": "8990",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8990"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2178",
"datePublished": "2009-06-23T21:21:00.000Z",
"dateReserved": "2009-06-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3179 (GCVE-0-2008-3179)
Vulnerability from cvelistv5 – Published: 2008-07-15 18:03 – Updated: 2024-08-07 09:28
VLAI?
Summary
Directory traversal vulnerability in website.php in Web 2 Business (W2B) phpDatingClub (aka Dating Club) 3.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2008-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31040"
},
{
"name": "phpdatingclub-website-file-include(43710)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43710"
},
{
"name": "3992",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3992"
},
{
"name": "ADV-2008-2060",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2060/references"
},
{
"name": "30176",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30176"
},
{
"name": "6037",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in website.php in Web 2 Business (W2B) phpDatingClub (aka Dating Club) 3.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31040"
},
{
"name": "phpdatingclub-website-file-include(43710)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43710"
},
{
"name": "3992",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3992"
},
{
"name": "ADV-2008-2060",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2060/references"
},
{
"name": "30176",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30176"
},
{
"name": "6037",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6037"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in website.php in Web 2 Business (W2B) phpDatingClub (aka Dating Club) 3.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31040"
},
{
"name": "phpdatingclub-website-file-include(43710)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43710"
},
{
"name": "3992",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3992"
},
{
"name": "ADV-2008-2060",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2060/references"
},
{
"name": "30176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30176"
},
{
"name": "6037",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6037"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3179",
"datePublished": "2008-07-15T18:03:00.000Z",
"dateReserved": "2008-07-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:28:41.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1893 (GCVE-0-2008-1893)
Vulnerability from cvelistv5 – Published: 2008-04-18 22:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2008-04-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080415 remote file include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120829213903472\u0026w=2"
},
{
"name": "28796",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28796"
},
{
"name": "w2bonline-index-file-include(41931)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41931"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080415 remote file include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120829213903472\u0026w=2"
},
{
"name": "28796",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28796"
},
{
"name": "w2bonline-index-file-include(41931)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41931"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080415 remote file include",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=120829213903472\u0026w=2"
},
{
"name": "28796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28796"
},
{
"name": "w2bonline-index-file-include(41931)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41931"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1893",
"datePublished": "2008-04-18T22:00:00.000Z",
"dateReserved": "2008-04-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:40:59.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1843 (GCVE-0-2008-1843)
Vulnerability from cvelistv5 – Published: 2008-04-16 17:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2008-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44371",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/44371"
},
{
"name": "29815",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29815"
},
{
"name": "28737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.aria-security.com/showthread.php?p=70"
},
{
"name": "20080410 w2b.ru multiple products SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120792465631586\u0026w=2"
},
{
"name": "datingclub-browse-sql-injection(41792)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41792"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44371",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/44371"
},
{
"name": "29815",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29815"
},
{
"name": "28737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.aria-security.com/showthread.php?p=70"
},
{
"name": "20080410 w2b.ru multiple products SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120792465631586\u0026w=2"
},
{
"name": "datingclub-browse-sql-injection(41792)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41792"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44371",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44371"
},
{
"name": "29815",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29815"
},
{
"name": "28737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28737"
},
{
"name": "http://forum.aria-security.com/showthread.php?p=70",
"refsource": "MISC",
"url": "http://forum.aria-security.com/showthread.php?p=70"
},
{
"name": "20080410 w2b.ru multiple products SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=120792465631586\u0026w=2"
},
{
"name": "datingclub-browse-sql-injection(41792)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41792"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1843",
"datePublished": "2008-04-16T17:00:00.000Z",
"dateReserved": "2008-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:40:59.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1844 (GCVE-0-2008-1844)
Vulnerability from cvelistv5 – Published: 2008-04-16 17:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
SQL injection vulnerability in cat.php in W2B phpHotResources allows remote attackers to execute arbitrary SQL commands via the kind parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2008-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:58.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44378",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/44378"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.aria-security.com/showthread.php?p=70"
},
{
"name": "29825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29825"
},
{
"name": "20080410 w2b.ru multiple products SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120792465631586\u0026w=2"
},
{
"name": "28736",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28736"
},
{
"name": "phphotresources-cat-sql-injection(41793)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41793"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in cat.php in W2B phpHotResources allows remote attackers to execute arbitrary SQL commands via the kind parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44378",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/44378"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.aria-security.com/showthread.php?p=70"
},
{
"name": "29825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29825"
},
{
"name": "20080410 w2b.ru multiple products SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120792465631586\u0026w=2"
},
{
"name": "28736",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28736"
},
{
"name": "phphotresources-cat-sql-injection(41793)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41793"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in cat.php in W2B phpHotResources allows remote attackers to execute arbitrary SQL commands via the kind parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44378",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44378"
},
{
"name": "http://forum.aria-security.com/showthread.php?p=70",
"refsource": "MISC",
"url": "http://forum.aria-security.com/showthread.php?p=70"
},
{
"name": "29825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29825"
},
{
"name": "20080410 w2b.ru multiple products SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=120792465631586\u0026w=2"
},
{
"name": "28736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28736"
},
{
"name": "phphotresources-cat-sql-injection(41793)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41793"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1844",
"datePublished": "2008-04-16T17:00:00.000Z",
"dateReserved": "2008-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:40:58.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3174 (GCVE-0-2007-3174)
Vulnerability from cvelistv5 – Published: 2007-06-11 22:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2007-05-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "w2bonline-auth-xss(34594)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34594"
},
{
"name": "37465",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37465"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels-team.blogspot.com/2007/05/w2b-online-banking-vuln.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "w2bonline-auth-xss(34594)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34594"
},
{
"name": "37465",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37465"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels-team.blogspot.com/2007/05/w2b-online-banking-vuln.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "w2bonline-auth-xss(34594)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34594"
},
{
"name": "37465",
"refsource": "OSVDB",
"url": "http://osvdb.org/37465"
},
{
"name": "http://pridels-team.blogspot.com/2007/05/w2b-online-banking-vuln.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2007/05/w2b-online-banking-vuln.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3174",
"datePublished": "2007-06-11T22:00:00.000Z",
"dateReserved": "2007-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3175 (GCVE-0-2007-3175)
Vulnerability from cvelistv5 – Published: 2007-06-11 22:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2007-05-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "w2bonline-multiple-sql-injection(34593)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34593"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels-team.blogspot.com/2007/05/w2b-online-banking-vuln.html"
},
{
"name": "37467",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37467"
},
{
"name": "37466",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "w2bonline-multiple-sql-injection(34593)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34593"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels-team.blogspot.com/2007/05/w2b-online-banking-vuln.html"
},
{
"name": "37467",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37467"
},
{
"name": "37466",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "w2bonline-multiple-sql-injection(34593)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34593"
},
{
"name": "http://pridels-team.blogspot.com/2007/05/w2b-online-banking-vuln.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2007/05/w2b-online-banking-vuln.html"
},
{
"name": "37467",
"refsource": "OSVDB",
"url": "http://osvdb.org/37467"
},
{
"name": "37466",
"refsource": "OSVDB",
"url": "http://osvdb.org/37466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3175",
"datePublished": "2007-06-11T22:00:00.000Z",
"dateReserved": "2007-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1980 (GCVE-0-2006-1980)
Vulnerability from cvelistv5 – Published: 2006-04-21 22:00 – Updated: 2024-08-07 17:35
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2006-04-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html"
},
{
"name": "ADV-2006-1445",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1445"
},
{
"name": "24759",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24759"
},
{
"name": "19717",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19717"
},
{
"name": "w2bonlinebanking-sid-xss(25947)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25947"
},
{
"name": "17626",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html"
},
{
"name": "ADV-2006-1445",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1445"
},
{
"name": "24759",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24759"
},
{
"name": "19717",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19717"
},
{
"name": "w2bonlinebanking-sid-xss(25947)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25947"
},
{
"name": "17626",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html"
},
{
"name": "ADV-2006-1445",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1445"
},
{
"name": "24759",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24759"
},
{
"name": "19717",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19717"
},
{
"name": "w2bonlinebanking-sid-xss(25947)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25947"
},
{
"name": "17626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1980",
"datePublished": "2006-04-21T22:00:00.000Z",
"dateReserved": "2006-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:35:31.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4088 (GCVE-0-2005-4088)
Vulnerability from cvelistv5 – Published: 2005-12-08 11:00 – Updated: 2024-08-07 23:31
VLAI?
Summary
SQL injection vulnerability in index.php in phpForumPro 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) parent and (2) day parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2005-12-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17915"
},
{
"name": "ADV-2005-2764",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2764"
},
{
"name": "21484",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21484"
},
{
"name": "15736",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15736"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in phpForumPro 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) parent and (2) day parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-12T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17915"
},
{
"name": "ADV-2005-2764",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2764"
},
{
"name": "21484",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21484"
},
{
"name": "15736",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15736"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in phpForumPro 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) parent and (2) day parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17915"
},
{
"name": "ADV-2005-2764",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2764"
},
{
"name": "21484",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21484"
},
{
"name": "15736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15736"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4088",
"datePublished": "2005-12-08T11:00:00.000Z",
"dateReserved": "2005-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:31:48.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}