Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
7 vulnerabilities by nicecoder
CVE-2009-4624 (GCVE-0-2009-4624)
Vulnerability from cvelistv5 – Published: 2010-01-18 20:00 – Updated: 2024-08-07 07:08
VLAI
Summary
SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/36348 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/36659 | third-party-advisoryx_refsource_SECUNIA |
| http://www.exploit-db.com/exploits/9631 | exploitx_refsource_EXPLOIT-DB |
Date Public
2009-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:37.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "idesk-download-sql-injection(53139)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53139"
},
{
"name": "36348",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36348"
},
{
"name": "36659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36659"
},
{
"name": "9631",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9631"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "idesk-download-sql-injection(53139)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53139"
},
{
"name": "36348",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36348"
},
{
"name": "36659",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36659"
},
{
"name": "9631",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9631"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "idesk-download-sql-injection(53139)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53139"
},
{
"name": "36348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36348"
},
{
"name": "36659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36659"
},
{
"name": "9631",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9631"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4624",
"datePublished": "2010-01-18T20:00:00.000Z",
"dateReserved": "2010-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:08:37.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7017 (GCVE-0-2006-7017)
Vulnerability from cvelistv5 – Published: 2007-02-15 02:00 – Updated: 2024-08-07 20:50
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/18752 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/2252 | third-party-advisoryx_refsource_SREASON |
| http://www.securitytracker.com/id?1016330 | vdb-entryx_refsource_SECTRACK |
Date Public
2006-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:50:05.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18752"
},
{
"name": "indexu-admintemplatepath-file-include(27262)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27262"
},
{
"name": "20060616 Indexu v 5.0.01 Multiple Remote File Include Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0318.html"
},
{
"name": "2252",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2252"
},
{
"name": "1016330",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1016330"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18752"
},
{
"name": "indexu-admintemplatepath-file-include(27262)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27262"
},
{
"name": "20060616 Indexu v 5.0.01 Multiple Remote File Include Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0318.html"
},
{
"name": "2252",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2252"
},
{
"name": "1016330",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1016330"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18752"
},
{
"name": "indexu-admintemplatepath-file-include(27262)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27262"
},
{
"name": "20060616 Indexu v 5.0.01 Multiple Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0318.html"
},
{
"name": "2252",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2252"
},
{
"name": "1016330",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1016330"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7017",
"datePublished": "2007-02-15T02:00:00.000Z",
"dateReserved": "2007-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:50:05.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0364 (GCVE-0-2007-0364)
Vulnerability from cvelistv5 – Published: 2007-01-19 19:00 – Updated: 2024-08-07 12:19
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2007-01-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:29.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32846",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32846"
},
{
"name": "ADV-2007-0222",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0222"
},
{
"name": "32849",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32849"
},
{
"name": "32840",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32840"
},
{
"name": "32850",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32850"
},
{
"name": "32843",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32843"
},
{
"name": "20070116 vulnerability script indexu all versions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457079/100/0/threaded"
},
{
"name": "32845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32845"
},
{
"name": "32842",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32842"
},
{
"name": "22084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22084"
},
{
"name": "32847",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32847"
},
{
"name": "32848",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32848"
},
{
"name": "32844",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32844"
},
{
"name": "32839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32839"
},
{
"name": "indexu-multiple-scripts-xss(31538)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31538"
},
{
"name": "32838",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32838"
},
{
"name": "32851",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32851"
},
{
"name": "23764",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23764"
},
{
"name": "32841",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32841"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32846",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32846"
},
{
"name": "ADV-2007-0222",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0222"
},
{
"name": "32849",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32849"
},
{
"name": "32840",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32840"
},
{
"name": "32850",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32850"
},
{
"name": "32843",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32843"
},
{
"name": "20070116 vulnerability script indexu all versions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/457079/100/0/threaded"
},
{
"name": "32845",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32845"
},
{
"name": "32842",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32842"
},
{
"name": "22084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22084"
},
{
"name": "32847",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32847"
},
{
"name": "32848",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32848"
},
{
"name": "32844",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32844"
},
{
"name": "32839",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32839"
},
{
"name": "indexu-multiple-scripts-xss(31538)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31538"
},
{
"name": "32838",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32838"
},
{
"name": "32851",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32851"
},
{
"name": "23764",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23764"
},
{
"name": "32841",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32841"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32846",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32846"
},
{
"name": "ADV-2007-0222",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0222"
},
{
"name": "32849",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32849"
},
{
"name": "32840",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32840"
},
{
"name": "32850",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32850"
},
{
"name": "32843",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32843"
},
{
"name": "20070116 vulnerability script indexu all versions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457079/100/0/threaded"
},
{
"name": "32845",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32845"
},
{
"name": "32842",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32842"
},
{
"name": "22084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22084"
},
{
"name": "32847",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32847"
},
{
"name": "32848",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32848"
},
{
"name": "32844",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32844"
},
{
"name": "32839",
"refsource": "OSVDB",
"url": "http://osvdb.org/32839"
},
{
"name": "indexu-multiple-scripts-xss(31538)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31538"
},
{
"name": "32838",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32838"
},
{
"name": "32851",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32851"
},
{
"name": "23764",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23764"
},
{
"name": "32841",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32841"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0364",
"datePublished": "2007-01-19T19:00:00.000Z",
"dateReserved": "2007-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:19:29.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0349 (GCVE-0-2007-0349)
Vulnerability from cvelistv5 – Published: 2007-01-19 00:00 – Updated: 2024-08-07 12:12
VLAI
Summary
Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/457079/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/45533 | vdb-entryx_refsource_OSVDB |
Date Public
2007-01-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:18.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "indexu-upgrade-file-include(31539)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31539"
},
{
"name": "20070116 vulnerability script indexu all versions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457079/100/0/threaded"
},
{
"name": "45533",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "indexu-upgrade-file-include(31539)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31539"
},
{
"name": "20070116 vulnerability script indexu all versions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/457079/100/0/threaded"
},
{
"name": "45533",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45533"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "indexu-upgrade-file-include(31539)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31539"
},
{
"name": "20070116 vulnerability script indexu all versions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457079/100/0/threaded"
},
{
"name": "45533",
"refsource": "OSVDB",
"url": "http://osvdb.org/45533"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0349",
"datePublished": "2007-01-19T00:00:00.000Z",
"dateReserved": "2007-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:12:18.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1767 (GCVE-0-2006-1767)
Vulnerability from cvelistv5 – Published: 2006-04-13 10:00 – Updated: 2024-08-07 17:27
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
20 references
Date Public
2006-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:28.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060411 INDEXU \u003c= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430599/100/0/threaded"
},
{
"name": "28415",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28415"
},
{
"name": "28426",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28426"
},
{
"name": "17470",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17470"
},
{
"name": "28406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28406"
},
{
"name": "28412",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28412"
},
{
"name": "1015891",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015891"
},
{
"name": "28419",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28419"
},
{
"name": "28410",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28410"
},
{
"name": "28417",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28417"
},
{
"name": "28427",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28427"
},
{
"name": "28422",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28422"
},
{
"name": "24597",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24597"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ftp.kep.online.fr/Indexu_5.0.1_File_Inclusion_Exploit-by_King-Hacker_and-Khamaileon.txt"
},
{
"name": "24596",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24596"
},
{
"name": "1016331",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016331"
},
{
"name": "28416",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28416"
},
{
"name": "28425",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28425"
},
{
"name": "28413",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28413"
},
{
"name": "28409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060411 INDEXU \u003c= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430599/100/0/threaded"
},
{
"name": "28415",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28415"
},
{
"name": "28426",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28426"
},
{
"name": "17470",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17470"
},
{
"name": "28406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28406"
},
{
"name": "28412",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28412"
},
{
"name": "1015891",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015891"
},
{
"name": "28419",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28419"
},
{
"name": "28410",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28410"
},
{
"name": "28417",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28417"
},
{
"name": "28427",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28427"
},
{
"name": "28422",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28422"
},
{
"name": "24597",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24597"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ftp.kep.online.fr/Indexu_5.0.1_File_Inclusion_Exploit-by_King-Hacker_and-Khamaileon.txt"
},
{
"name": "24596",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24596"
},
{
"name": "1016331",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016331"
},
{
"name": "28416",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28416"
},
{
"name": "28425",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28425"
},
{
"name": "28413",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28413"
},
{
"name": "28409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28409"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060411 INDEXU \u003c= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430599/100/0/threaded"
},
{
"name": "28415",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28415"
},
{
"name": "28426",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28426"
},
{
"name": "17470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17470"
},
{
"name": "28406",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28406"
},
{
"name": "28412",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28412"
},
{
"name": "1015891",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015891"
},
{
"name": "28419",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28419"
},
{
"name": "28410",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28410"
},
{
"name": "28417",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28417"
},
{
"name": "28427",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28427"
},
{
"name": "28422",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28422"
},
{
"name": "24597",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24597"
},
{
"name": "http://ftp.kep.online.fr/Indexu_5.0.1_File_Inclusion_Exploit-by_King-Hacker_and-Khamaileon.txt",
"refsource": "MISC",
"url": "http://ftp.kep.online.fr/Indexu_5.0.1_File_Inclusion_Exploit-by_King-Hacker_and-Khamaileon.txt"
},
{
"name": "24596",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24596"
},
{
"name": "1016331",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016331"
},
{
"name": "28416",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28416"
},
{
"name": "28425",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28425"
},
{
"name": "28413",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28413"
},
{
"name": "28409",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1767",
"datePublished": "2006-04-13T10:00:00.000Z",
"dateReserved": "2006-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:27:28.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0688 (GCVE-0-2006-0688)
Vulnerability from cvelistv5 – Published: 2006-02-15 11:00 – Updated: 2024-08-07 16:41
VLAI
Summary
PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/16565 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/22989 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/18752 | third-party-advisoryx_refsource_SECUNIA |
| http://echo.or.id/adv/adv26-K-159-2006.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1015607 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2006/0494 | vdb-entryx_refsource_VUPEN |
| http://echo.or.id/adv/adv27-K-159-2006.txt | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/424549/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2006-02-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16565",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16565"
},
{
"name": "22989",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22989"
},
{
"name": "18752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18752"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://echo.or.id/adv/adv26-K-159-2006.txt"
},
{
"name": "indexu-application-file-include(24603)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24603"
},
{
"name": "1015607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015607"
},
{
"name": "ADV-2006-0494",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0494"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://echo.or.id/adv/adv27-K-159-2006.txt"
},
{
"name": "20060209 [ECHO_ADV_27$2006] Indexu \u003c= 5.0.1 Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424549/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16565",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16565"
},
{
"name": "22989",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22989"
},
{
"name": "18752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18752"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://echo.or.id/adv/adv26-K-159-2006.txt"
},
{
"name": "indexu-application-file-include(24603)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24603"
},
{
"name": "1015607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015607"
},
{
"name": "ADV-2006-0494",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0494"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://echo.or.id/adv/adv27-K-159-2006.txt"
},
{
"name": "20060209 [ECHO_ADV_27$2006] Indexu \u003c= 5.0.1 Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424549/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16565"
},
{
"name": "22989",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22989"
},
{
"name": "18752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18752"
},
{
"name": "http://echo.or.id/adv/adv26-K-159-2006.txt",
"refsource": "MISC",
"url": "http://echo.or.id/adv/adv26-K-159-2006.txt"
},
{
"name": "indexu-application-file-include(24603)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24603"
},
{
"name": "1015607",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015607"
},
{
"name": "ADV-2006-0494",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0494"
},
{
"name": "http://echo.or.id/adv/adv27-K-159-2006.txt",
"refsource": "MISC",
"url": "http://echo.or.id/adv/adv27-K-159-2006.txt"
},
{
"name": "20060209 [ECHO_ADV_27$2006] Indexu \u003c= 5.0.1 Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424549/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0688",
"datePublished": "2006-02-15T11:00:00.000Z",
"dateReserved": "2006-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:41:29.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3843 (GCVE-0-2005-3843)
Vulnerability from cvelistv5 – Published: 2005-11-26 22:00 – Updated: 2024-08-07 23:24
VLAI
Summary
SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/21117 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/15597 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/17729 | third-party-advisoryx_refsource_SECUNIA |
| http://pridels0.blogspot.com/2005/11/idesk-catid-… | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2005/2590 | vdb-entryx_refsource_VUPEN |
Date Public
2005-11-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21117"
},
{
"name": "15597",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15597"
},
{
"name": "idesk-faq-sql-injection(23222)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23222"
},
{
"name": "17729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17729"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2005/11/idesk-catid-sql-inj.html"
},
{
"name": "ADV-2005-2590",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2590"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21117"
},
{
"name": "15597",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15597"
},
{
"name": "idesk-faq-sql-injection(23222)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23222"
},
{
"name": "17729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17729"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2005/11/idesk-catid-sql-inj.html"
},
{
"name": "ADV-2005-2590",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2590"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21117",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21117"
},
{
"name": "15597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15597"
},
{
"name": "idesk-faq-sql-injection(23222)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23222"
},
{
"name": "17729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17729"
},
{
"name": "http://pridels0.blogspot.com/2005/11/idesk-catid-sql-inj.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/idesk-catid-sql-inj.html"
},
{
"name": "ADV-2005-2590",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2590"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3843",
"datePublished": "2005-11-26T22:00:00.000Z",
"dateReserved": "2005-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:24:36.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}