Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by open-realty

    CVE-2012-1112 (GCVE-0-2012-1112)

    Vulnerability from nvd – Published: 2012-09-06 18:00 – Updated: 2024-08-06 18:45
    VLAI
    Summary
    Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-03-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:45:27.161Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_lfi"
              },
              {
                "name": "52296",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52296"
              },
              {
                "name": "[oss-security] 20120305 Re: Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File  Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/05/23"
              },
              {
                "name": "20120305 Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0012.html"
              },
              {
                "name": "openrealty-selectuserstemplate-file-include(73736)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73736"
              },
              {
                "name": "[oss-security] 20120306 Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File  Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/05/14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_lfi"
            },
            {
              "name": "52296",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52296"
            },
            {
              "name": "[oss-security] 20120305 Re: Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File  Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/05/23"
            },
            {
              "name": "20120305 Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0012.html"
            },
            {
              "name": "openrealty-selectuserstemplate-file-include(73736)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73736"
            },
            {
              "name": "[oss-security] 20120306 Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File  Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/05/14"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-1112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_lfi",
                  "refsource": "MISC",
                  "url": "http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_lfi"
                },
                {
                  "name": "52296",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52296"
                },
                {
                  "name": "[oss-security] 20120305 Re: Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File  Inclusion Vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/05/23"
                },
                {
                  "name": "20120305 Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File Inclusion Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0012.html"
                },
                {
                  "name": "openrealty-selectuserstemplate-file-include(73736)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73736"
                },
                {
                  "name": "[oss-security] 20120306 Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File  Inclusion Vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/05/14"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-1112",
        "datePublished": "2012-09-06T18:00:00.000Z",
        "dateReserved": "2012-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:45:27.161Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3765 (GCVE-0-2011-3765)

    Vulnerability from nvd – Published: 2011-09-24 00:00 – Updated: 2024-08-06 23:46
    VLAI
    Summary
    Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-06-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:46:03.122Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openrealty-upgrade115inc-path-disclosure(70607)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70607"
              },
              {
                "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-06-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "openrealty-upgrade115inc-path-disclosure(70607)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70607"
            },
            {
              "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-3765",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openrealty-upgrade115inc-path-disclosure(70607)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70607"
                },
                {
                  "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
                },
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8"
                },
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-3765",
        "datePublished": "2011-09-24T00:00:00.000Z",
        "dateReserved": "2011-09-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:46:03.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5056 (GCVE-0-2007-5056)

    Vulnerability from nvd – Published: 2007-09-24 22:00 – Updated: 2024-08-07 15:17
    VLAI
    Summary
    Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/25768 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/40596 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/5098 exploitx_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/28886 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/3261 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/26928 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/41422 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/41426 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/28874 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://www.exploit-db.com/exploits/5090 exploitx_refsource_EXPLOIT-DB
    http://osvdb.org/41428 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/5097 exploitx_refsource_EXPLOIT-DB
    http://www.attrition.org/pipermail/vim/2007-Septe… mailing-listx_refsource_VIM
    http://secunia.com/advisories/28873 third-party-advisoryx_refsource_SECUNIA
    https://www.exploit-db.com/exploits/4442 exploitx_refsource_EXPLOIT-DB
    https://www.exploit-db.com/exploits/5091 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/28859 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/41427 vdb-entryx_refsource_OSVDB
    Date Public
    2007-09-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:17:28.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openrealty-lastmodule-code-execution(40395)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40395"
              },
              {
                "name": "25768",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25768"
              },
              {
                "name": "sapidcmf-lastmodule-code-execution(40396)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40396"
              },
              {
                "name": "40596",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/40596"
              },
              {
                "name": "5098",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5098"
              },
              {
                "name": "pacercms-lastmodule-code-execution(40389)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40389"
              },
              {
                "name": "28886",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28886"
              },
              {
                "name": "ADV-2007-3261",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3261"
              },
              {
                "name": "26928",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26928"
              },
              {
                "name": "41422",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/41422"
              },
              {
                "name": "journalness-lastmodule-code-execution(40393)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40393"
              },
              {
                "name": "41426",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/41426"
              },
              {
                "name": "28874",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28874"
              },
              {
                "name": "cmsmadesimple-adodbperfmod-code-execution(36733)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36733"
              },
              {
                "name": "5090",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5090"
              },
              {
                "name": "41428",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/41428"
              },
              {
                "name": "5097",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5097"
              },
              {
                "name": "20070924 CMS Made Simple eval injection is really an ADOdb Lite problem",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2007-September/001800.html"
              },
              {
                "name": "28873",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28873"
              },
              {
                "name": "4442",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4442"
              },
              {
                "name": "5091",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5091"
              },
              {
                "name": "28859",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28859"
              },
              {
                "name": "41427",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/41427"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "openrealty-lastmodule-code-execution(40395)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40395"
            },
            {
              "name": "25768",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25768"
            },
            {
              "name": "sapidcmf-lastmodule-code-execution(40396)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40396"
            },
            {
              "name": "40596",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/40596"
            },
            {
              "name": "5098",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5098"
            },
            {
              "name": "pacercms-lastmodule-code-execution(40389)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40389"
            },
            {
              "name": "28886",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28886"
            },
            {
              "name": "ADV-2007-3261",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3261"
            },
            {
              "name": "26928",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26928"
            },
            {
              "name": "41422",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/41422"
            },
            {
              "name": "journalness-lastmodule-code-execution(40393)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40393"
            },
            {
              "name": "41426",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/41426"
            },
            {
              "name": "28874",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28874"
            },
            {
              "name": "cmsmadesimple-adodbperfmod-code-execution(36733)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36733"
            },
            {
              "name": "5090",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5090"
            },
            {
              "name": "41428",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/41428"
            },
            {
              "name": "5097",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5097"
            },
            {
              "name": "20070924 CMS Made Simple eval injection is really an ADOdb Lite problem",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2007-September/001800.html"
            },
            {
              "name": "28873",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28873"
            },
            {
              "name": "4442",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4442"
            },
            {
              "name": "5091",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5091"
            },
            {
              "name": "28859",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28859"
            },
            {
              "name": "41427",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/41427"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5056",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openrealty-lastmodule-code-execution(40395)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40395"
                },
                {
                  "name": "25768",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25768"
                },
                {
                  "name": "sapidcmf-lastmodule-code-execution(40396)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40396"
                },
                {
                  "name": "40596",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/40596"
                },
                {
                  "name": "5098",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5098"
                },
                {
                  "name": "pacercms-lastmodule-code-execution(40389)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40389"
                },
                {
                  "name": "28886",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28886"
                },
                {
                  "name": "ADV-2007-3261",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3261"
                },
                {
                  "name": "26928",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26928"
                },
                {
                  "name": "41422",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/41422"
                },
                {
                  "name": "journalness-lastmodule-code-execution(40393)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40393"
                },
                {
                  "name": "41426",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/41426"
                },
                {
                  "name": "28874",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28874"
                },
                {
                  "name": "cmsmadesimple-adodbperfmod-code-execution(36733)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36733"
                },
                {
                  "name": "5090",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5090"
                },
                {
                  "name": "41428",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/41428"
                },
                {
                  "name": "5097",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5097"
                },
                {
                  "name": "20070924 CMS Made Simple eval injection is really an ADOdb Lite problem",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2007-September/001800.html"
                },
                {
                  "name": "28873",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28873"
                },
                {
                  "name": "4442",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4442"
                },
                {
                  "name": "5091",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5091"
                },
                {
                  "name": "28859",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28859"
                },
                {
                  "name": "41427",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/41427"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5056",
        "datePublished": "2007-09-24T22:00:00.000Z",
        "dateReserved": "2007-09-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:17:28.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0490 (GCVE-0-2007-0490)

    Vulnerability from nvd – Published: 2007-01-25 00:00 – Updated: 2024-08-07 12:19
    VLAI
    Summary
    index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-01-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:19:29.962Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070121 Full Path Disclosure in Open-Realty ( v2.3.4 )",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/457676/100/0/threaded"
              },
              {
                "name": "openrealty-index-path-disclosure(31657)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31657"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070121 Full Path Disclosure in Open-Realty ( v2.3.4 )",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/457676/100/0/threaded"
            },
            {
              "name": "openrealty-index-path-disclosure(31657)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31657"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0490",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070121 Full Path Disclosure in Open-Realty ( v2.3.4 )",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/457676/100/0/threaded"
                },
                {
                  "name": "openrealty-index-path-disclosure(31657)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31657"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0490",
        "datePublished": "2007-01-25T00:00:00.000Z",
        "dateReserved": "2007-01-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:19:29.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3148 (GCVE-0-2006-3148)

    Vulnerability from nvd – Published: 2006-06-22 22:00 – Updated: 2024-08-07 18:16
    VLAI
    Summary
    SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/26694 vdb-entryx_refsource_OSVDB
    http://pridels0.blogspot.com/2006/06/open-realty-… x_refsource_MISC
    http://secunia.com/advisories/20704 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/18545 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/2454 vdb-entryx_refsource_VUPEN
    Date Public
    2006-06-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:16:06.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openrealty-index-sql-injection(27210)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27210"
              },
              {
                "name": "26694",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/26694"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pridels0.blogspot.com/2006/06/open-realty-sql-injection-vuln.html"
              },
              {
                "name": "20704",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20704"
              },
              {
                "name": "18545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18545"
              },
              {
                "name": "ADV-2006-2454",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2454"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "openrealty-index-sql-injection(27210)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27210"
            },
            {
              "name": "26694",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/26694"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pridels0.blogspot.com/2006/06/open-realty-sql-injection-vuln.html"
            },
            {
              "name": "20704",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20704"
            },
            {
              "name": "18545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18545"
            },
            {
              "name": "ADV-2006-2454",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2454"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3148",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openrealty-index-sql-injection(27210)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27210"
                },
                {
                  "name": "26694",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/26694"
                },
                {
                  "name": "http://pridels0.blogspot.com/2006/06/open-realty-sql-injection-vuln.html",
                  "refsource": "MISC",
                  "url": "http://pridels0.blogspot.com/2006/06/open-realty-sql-injection-vuln.html"
                },
                {
                  "name": "20704",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20704"
                },
                {
                  "name": "18545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18545"
                },
                {
                  "name": "ADV-2006-2454",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2454"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3148",
        "datePublished": "2006-06-22T22:00:00.000Z",
        "dateReserved": "2006-06-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:16:06.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1112 (GCVE-0-2012-1112)

    Vulnerability from cvelistv5 – Published: 2012-09-06 18:00 – Updated: 2024-08-06 18:45
    VLAI
    Summary
    Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-03-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:45:27.161Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_lfi"
              },
              {
                "name": "52296",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52296"
              },
              {
                "name": "[oss-security] 20120305 Re: Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File  Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/05/23"
              },
              {
                "name": "20120305 Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0012.html"
              },
              {
                "name": "openrealty-selectuserstemplate-file-include(73736)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73736"
              },
              {
                "name": "[oss-security] 20120306 Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File  Inclusion Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/03/05/14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_lfi"
            },
            {
              "name": "52296",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52296"
            },
            {
              "name": "[oss-security] 20120305 Re: Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File  Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/05/23"
            },
            {
              "name": "20120305 Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0012.html"
            },
            {
              "name": "openrealty-selectuserstemplate-file-include(73736)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73736"
            },
            {
              "name": "[oss-security] 20120306 Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File  Inclusion Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/03/05/14"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-1112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_lfi",
                  "refsource": "MISC",
                  "url": "http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_lfi"
                },
                {
                  "name": "52296",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52296"
                },
                {
                  "name": "[oss-security] 20120305 Re: Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File  Inclusion Vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/05/23"
                },
                {
                  "name": "20120305 Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File Inclusion Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0012.html"
                },
                {
                  "name": "openrealty-selectuserstemplate-file-include(73736)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73736"
                },
                {
                  "name": "[oss-security] 20120306 Open-Realty CMS 2.5.8 (2.x.x) \u003c= \"select_users_template\" Local File  Inclusion Vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/03/05/14"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-1112",
        "datePublished": "2012-09-06T18:00:00.000Z",
        "dateReserved": "2012-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:45:27.161Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3765 (GCVE-0-2011-3765)

    Vulnerability from cvelistv5 – Published: 2011-09-24 00:00 – Updated: 2024-08-06 23:46
    VLAI
    Summary
    Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-06-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:46:03.122Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openrealty-upgrade115inc-path-disclosure(70607)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70607"
              },
              {
                "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-06-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "openrealty-upgrade115inc-path-disclosure(70607)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70607"
            },
            {
              "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-3765",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openrealty-upgrade115inc-path-disclosure(70607)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70607"
                },
                {
                  "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
                },
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8"
                },
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-3765",
        "datePublished": "2011-09-24T00:00:00.000Z",
        "dateReserved": "2011-09-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:46:03.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5056 (GCVE-0-2007-5056)

    Vulnerability from cvelistv5 – Published: 2007-09-24 22:00 – Updated: 2024-08-07 15:17
    VLAI
    Summary
    Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/25768 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/40596 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/5098 exploitx_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/28886 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/3261 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/26928 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/41422 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/41426 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/28874 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://www.exploit-db.com/exploits/5090 exploitx_refsource_EXPLOIT-DB
    http://osvdb.org/41428 vdb-entryx_refsource_OSVDB
    https://www.exploit-db.com/exploits/5097 exploitx_refsource_EXPLOIT-DB
    http://www.attrition.org/pipermail/vim/2007-Septe… mailing-listx_refsource_VIM
    http://secunia.com/advisories/28873 third-party-advisoryx_refsource_SECUNIA
    https://www.exploit-db.com/exploits/4442 exploitx_refsource_EXPLOIT-DB
    https://www.exploit-db.com/exploits/5091 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/28859 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/41427 vdb-entryx_refsource_OSVDB
    Date Public
    2007-09-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:17:28.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openrealty-lastmodule-code-execution(40395)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40395"
              },
              {
                "name": "25768",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25768"
              },
              {
                "name": "sapidcmf-lastmodule-code-execution(40396)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40396"
              },
              {
                "name": "40596",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/40596"
              },
              {
                "name": "5098",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5098"
              },
              {
                "name": "pacercms-lastmodule-code-execution(40389)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40389"
              },
              {
                "name": "28886",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28886"
              },
              {
                "name": "ADV-2007-3261",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3261"
              },
              {
                "name": "26928",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26928"
              },
              {
                "name": "41422",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/41422"
              },
              {
                "name": "journalness-lastmodule-code-execution(40393)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40393"
              },
              {
                "name": "41426",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/41426"
              },
              {
                "name": "28874",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28874"
              },
              {
                "name": "cmsmadesimple-adodbperfmod-code-execution(36733)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36733"
              },
              {
                "name": "5090",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5090"
              },
              {
                "name": "41428",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/41428"
              },
              {
                "name": "5097",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5097"
              },
              {
                "name": "20070924 CMS Made Simple eval injection is really an ADOdb Lite problem",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2007-September/001800.html"
              },
              {
                "name": "28873",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28873"
              },
              {
                "name": "4442",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4442"
              },
              {
                "name": "5091",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5091"
              },
              {
                "name": "28859",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28859"
              },
              {
                "name": "41427",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/41427"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "openrealty-lastmodule-code-execution(40395)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40395"
            },
            {
              "name": "25768",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25768"
            },
            {
              "name": "sapidcmf-lastmodule-code-execution(40396)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40396"
            },
            {
              "name": "40596",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/40596"
            },
            {
              "name": "5098",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5098"
            },
            {
              "name": "pacercms-lastmodule-code-execution(40389)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40389"
            },
            {
              "name": "28886",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28886"
            },
            {
              "name": "ADV-2007-3261",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3261"
            },
            {
              "name": "26928",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26928"
            },
            {
              "name": "41422",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/41422"
            },
            {
              "name": "journalness-lastmodule-code-execution(40393)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40393"
            },
            {
              "name": "41426",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/41426"
            },
            {
              "name": "28874",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28874"
            },
            {
              "name": "cmsmadesimple-adodbperfmod-code-execution(36733)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36733"
            },
            {
              "name": "5090",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5090"
            },
            {
              "name": "41428",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/41428"
            },
            {
              "name": "5097",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5097"
            },
            {
              "name": "20070924 CMS Made Simple eval injection is really an ADOdb Lite problem",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2007-September/001800.html"
            },
            {
              "name": "28873",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28873"
            },
            {
              "name": "4442",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4442"
            },
            {
              "name": "5091",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5091"
            },
            {
              "name": "28859",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28859"
            },
            {
              "name": "41427",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/41427"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5056",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openrealty-lastmodule-code-execution(40395)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40395"
                },
                {
                  "name": "25768",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25768"
                },
                {
                  "name": "sapidcmf-lastmodule-code-execution(40396)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40396"
                },
                {
                  "name": "40596",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/40596"
                },
                {
                  "name": "5098",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5098"
                },
                {
                  "name": "pacercms-lastmodule-code-execution(40389)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40389"
                },
                {
                  "name": "28886",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28886"
                },
                {
                  "name": "ADV-2007-3261",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3261"
                },
                {
                  "name": "26928",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26928"
                },
                {
                  "name": "41422",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/41422"
                },
                {
                  "name": "journalness-lastmodule-code-execution(40393)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40393"
                },
                {
                  "name": "41426",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/41426"
                },
                {
                  "name": "28874",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28874"
                },
                {
                  "name": "cmsmadesimple-adodbperfmod-code-execution(36733)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36733"
                },
                {
                  "name": "5090",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5090"
                },
                {
                  "name": "41428",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/41428"
                },
                {
                  "name": "5097",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5097"
                },
                {
                  "name": "20070924 CMS Made Simple eval injection is really an ADOdb Lite problem",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2007-September/001800.html"
                },
                {
                  "name": "28873",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28873"
                },
                {
                  "name": "4442",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4442"
                },
                {
                  "name": "5091",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5091"
                },
                {
                  "name": "28859",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28859"
                },
                {
                  "name": "41427",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/41427"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5056",
        "datePublished": "2007-09-24T22:00:00.000Z",
        "dateReserved": "2007-09-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:17:28.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0490 (GCVE-0-2007-0490)

    Vulnerability from cvelistv5 – Published: 2007-01-25 00:00 – Updated: 2024-08-07 12:19
    VLAI
    Summary
    index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-01-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:19:29.962Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070121 Full Path Disclosure in Open-Realty ( v2.3.4 )",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/457676/100/0/threaded"
              },
              {
                "name": "openrealty-index-path-disclosure(31657)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31657"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070121 Full Path Disclosure in Open-Realty ( v2.3.4 )",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/457676/100/0/threaded"
            },
            {
              "name": "openrealty-index-path-disclosure(31657)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31657"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0490",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070121 Full Path Disclosure in Open-Realty ( v2.3.4 )",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/457676/100/0/threaded"
                },
                {
                  "name": "openrealty-index-path-disclosure(31657)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31657"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0490",
        "datePublished": "2007-01-25T00:00:00.000Z",
        "dateReserved": "2007-01-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:19:29.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3148 (GCVE-0-2006-3148)

    Vulnerability from cvelistv5 – Published: 2006-06-22 22:00 – Updated: 2024-08-07 18:16
    VLAI
    Summary
    SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/26694 vdb-entryx_refsource_OSVDB
    http://pridels0.blogspot.com/2006/06/open-realty-… x_refsource_MISC
    http://secunia.com/advisories/20704 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/18545 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/2454 vdb-entryx_refsource_VUPEN
    Date Public
    2006-06-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:16:06.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openrealty-index-sql-injection(27210)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27210"
              },
              {
                "name": "26694",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/26694"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pridels0.blogspot.com/2006/06/open-realty-sql-injection-vuln.html"
              },
              {
                "name": "20704",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20704"
              },
              {
                "name": "18545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18545"
              },
              {
                "name": "ADV-2006-2454",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2454"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "openrealty-index-sql-injection(27210)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27210"
            },
            {
              "name": "26694",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/26694"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pridels0.blogspot.com/2006/06/open-realty-sql-injection-vuln.html"
            },
            {
              "name": "20704",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20704"
            },
            {
              "name": "18545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18545"
            },
            {
              "name": "ADV-2006-2454",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2454"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3148",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openrealty-index-sql-injection(27210)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27210"
                },
                {
                  "name": "26694",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/26694"
                },
                {
                  "name": "http://pridels0.blogspot.com/2006/06/open-realty-sql-injection-vuln.html",
                  "refsource": "MISC",
                  "url": "http://pridels0.blogspot.com/2006/06/open-realty-sql-injection-vuln.html"
                },
                {
                  "name": "20704",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20704"
                },
                {
                  "name": "18545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18545"
                },
                {
                  "name": "ADV-2006-2454",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2454"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3148",
        "datePublished": "2006-06-22T22:00:00.000Z",
        "dateReserved": "2006-06-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:16:06.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }