
3 vulnerabilities by jiro

CVE-2008-2691 (GCVE-0-2008-2691)

Vulnerability from cvelistv5 – Published: 2008-06-13 19:19 – Updated: 2024-08-07 09:14
Summary
SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
https://exchange.xforce.ibmcloud.com/vulnerabilities/42919 vdb-entry, x_refsource_XF
http://secunia.com/advisories/30569 third-party-advisory, x_refsource_SECUNIA
https://www.exploit-db.com/exploits/5753 exploit, x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/29594 vdb-entry, x_refsource_BID
Date Public
2008-06-08 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:14:14.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "jiro-read-sql-injection(42919)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42919"
          },
          {
            "name": "30569",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30569"
          },
          {
            "name": "5753",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5753"
          },
          {
            "name": "29594",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29594"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in read.asp in JiRo\u0027s FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "jiro-read-sql-injection(42919)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42919"
        },
        {
          "name": "30569",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30569"
        },
        {
          "name": "5753",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5753"
        },
        {
          "name": "29594",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29594"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2691",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in read.asp in JiRo\u0027s FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "jiro-read-sql-injection(42919)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42919"
            },
            {
              "name": "30569",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30569"
            },
            {
              "name": "5753",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5753"
            },
            {
              "name": "29594",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29594"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2691",
    "datePublished": "2008-06-13T19:19:00.000Z",
    "dateReserved": "2008-06-13T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:14:14.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-6091 (GCVE-0-2007-6091)

Vulnerability from cvelistv5 – Published: 2007-11-22 00:00 – Updated: 2024-08-07 15:54
Summary
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://securityreason.com/securityalert/3384 third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/bid/26479 vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/483859/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://osvdb.org/38740 vdb-entry, x_refsource_OSVDB
http://osvdb.org/38741 vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/27713 third-party-advisory, x_refsource_SECUNIA
Date Public
2007-11-17 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:26.452Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3384",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3384"
          },
          {
            "name": "26479",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26479"
          },
          {
            "name": "20071117 JiRo\u0026acute;s Upload Manager SQL Injection",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/483859/100/0/threaded"
          },
          {
            "name": "38740",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38740"
          },
          {
            "name": "38741",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38741"
          },
          {
            "name": "27713",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27713"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in files/login.asp in JiRo\u0027s Banner System (JBS) 2.0, and possibly JiRo\u0027s Upload Manager (aka JiRo\u0027s Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3384",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3384"
        },
        {
          "name": "26479",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26479"
        },
        {
          "name": "20071117 JiRo\u0026acute;s Upload Manager SQL Injection",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/483859/100/0/threaded"
        },
        {
          "name": "38740",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38740"
        },
        {
          "name": "38741",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38741"
        },
        {
          "name": "27713",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27713"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6091",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in files/login.asp in JiRo\u0027s Banner System (JBS) 2.0, and possibly JiRo\u0027s Upload Manager (aka JiRo\u0027s Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3384",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3384"
            },
            {
              "name": "26479",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26479"
            },
            {
              "name": "20071117 JiRo\u0026acute;s Upload Manager SQL Injection",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/483859/100/0/threaded"
            },
            {
              "name": "38740",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38740"
            },
            {
              "name": "38741",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38741"
            },
            {
              "name": "27713",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27713"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6091",
    "datePublished": "2007-11-22T00:00:00.000Z",
    "dateReserved": "2007-11-21T00:00:00.000Z",
    "dateUpdated": "2024-08-07T15:54:26.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-1213 (GCVE-0-2006-1213)

Vulnerability from cvelistv5 – Published: 2006-03-14 01:00 – Updated: 2024-08-07 17:03
Summary
JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securityfocus.com/archive/1/427326/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/17060 vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/25169 vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2006/0911 vdb-entry, x_refsource_VUPEN
http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0211.html mailing-list, x_refsource_FULLDISC
http://www.nukedx.com/?viewdoc=19 x_refsource_MISC
http://www.osvdb.org/23780 vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/19184 third-party-advisory, x_refsource_SECUNIA
Date Public
2006-03-09 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:03:28.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060309 Advisory: Jiros Banner Experience Pro Remote Privilege Escalation.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/427326/100/0/threaded"
          },
          {
            "name": "17060",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17060"
          },
          {
            "name": "jbspro-security-bypass(25169)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25169"
          },
          {
            "name": "ADV-2006-0911",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0911"
          },
          {
            "name": "20060309 Advisory: Jiros Banner Experience Pro Remote Privilege Escalation.",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0211.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nukedx.com/?viewdoc=19"
          },
          {
            "name": "23780",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/23780"
          },
          {
            "name": "19184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19184"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-03-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "JiRo\u0027s Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060309 Advisory: Jiros Banner Experience Pro Remote Privilege Escalation.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/427326/100/0/threaded"
        },
        {
          "name": "17060",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17060"
        },
        {
          "name": "jbspro-security-bypass(25169)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25169"
        },
        {
          "name": "ADV-2006-0911",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0911"
        },
        {
          "name": "20060309 Advisory: Jiros Banner Experience Pro Remote Privilege Escalation.",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0211.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nukedx.com/?viewdoc=19"
        },
        {
          "name": "23780",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/23780"
        },
        {
          "name": "19184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19184"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1213",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "JiRo\u0027s Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060309 Advisory: Jiros Banner Experience Pro Remote Privilege Escalation.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/427326/100/0/threaded"
            },
            {
              "name": "17060",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17060"
            },
            {
              "name": "jbspro-security-bypass(25169)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25169"
            },
            {
              "name": "ADV-2006-0911",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0911"
            },
            {
              "name": "20060309 Advisory: Jiros Banner Experience Pro Remote Privilege Escalation.",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0211.html"
            },
            {
              "name": "http://www.nukedx.com/?viewdoc=19",
              "refsource": "MISC",
              "url": "http://www.nukedx.com/?viewdoc=19"
            },
            {
              "name": "23780",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/23780"
            },
            {
              "name": "19184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19184"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1213",
    "datePublished": "2006-03-14T01:00:00.000Z",
    "dateReserved": "2006-03-14T00:00:00.000Z",
    "dateUpdated": "2024-08-07T17:03:28.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}