Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by phpwebscripts
CVE-2010-4843 (GCVE-0-2010-4843)
Vulnerability from nvd – Published: 2011-09-27 10:00 – Updated: 2024-08-07 04:02
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8395 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/45519 | vdb-entryx_refsource_BID |
| http://www.exploit-db.com/exploits/15790 | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.org/files/view/96822/p… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-12-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8395",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8395"
},
{
"name": "45519",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45519"
},
{
"name": "15790",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15790"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96822/phpwsamp-sql.txt"
},
{
"name": "admanagerpro-website-sql-injection(64222)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8395",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8395"
},
{
"name": "45519",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45519"
},
{
"name": "15790",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15790"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96822/phpwsamp-sql.txt"
},
{
"name": "admanagerpro-website-sql-injection(64222)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64222"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8395",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8395"
},
{
"name": "45519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45519"
},
{
"name": "15790",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15790"
},
{
"name": "http://packetstormsecurity.org/files/view/96822/phpwsamp-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96822/phpwsamp-sql.txt"
},
{
"name": "admanagerpro-website-sql-injection(64222)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64222"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4843",
"datePublished": "2011-09-27T10:00:00.000Z",
"dateReserved": "2011-09-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:30.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4784 (GCVE-0-2010-4784)
Vulnerability from nvd – Published: 2011-04-07 14:00 – Updated: 2024-08-07 04:02
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://evuln.com/vulns/147/summary.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/45066 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/514908/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/42316 | third-party-advisoryx_refsource_SECUNIA |
| http://packetstormsecurity.org/files/view/96153/e… | x_refsource_MISC |
| http://www.osvdb.org/69511 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/8184 | third-party-advisoryx_refsource_SREASON |
Date Public
2010-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:29.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://evuln.com/vulns/147/summary.html"
},
{
"name": "45066",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45066"
},
{
"name": "20101126 [eVuln.com] SQL injection Auth Bypass in Easy Banner Free",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514908/100/0/threaded"
},
{
"name": "42316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42316"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96153/easybannerfree-sql.txt"
},
{
"name": "69511",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/69511"
},
{
"name": "8184",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://evuln.com/vulns/147/summary.html"
},
{
"name": "45066",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45066"
},
{
"name": "20101126 [eVuln.com] SQL injection Auth Bypass in Easy Banner Free",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514908/100/0/threaded"
},
{
"name": "42316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42316"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96153/easybannerfree-sql.txt"
},
{
"name": "69511",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/69511"
},
{
"name": "8184",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8184"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://evuln.com/vulns/147/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/147/summary.html"
},
{
"name": "45066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45066"
},
{
"name": "20101126 [eVuln.com] SQL injection Auth Bypass in Easy Banner Free",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514908/100/0/threaded"
},
{
"name": "42316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42316"
},
{
"name": "http://packetstormsecurity.org/files/view/96153/easybannerfree-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96153/easybannerfree-sql.txt"
},
{
"name": "69511",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69511"
},
{
"name": "8184",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8184"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4784",
"datePublished": "2011-04-07T14:00:00.000Z",
"dateReserved": "2011-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:29.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4783 (GCVE-0-2010-4783)
Vulnerability from nvd – Published: 2011-04-07 14:00 – Updated: 2024-08-07 04:02
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/69510 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/45066 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/42316 | third-party-advisoryx_refsource_SECUNIA |
| http://evuln.com/vulns/148/summary.html | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/514905/100… | mailing-listx_refsource_BUGTRAQ |
| http://packetstormsecurity.org/files/view/96154/e… | x_refsource_MISC |
Date Public
2010-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:28.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69510",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/69510"
},
{
"name": "45066",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45066"
},
{
"name": "42316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42316"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://evuln.com/vulns/148/summary.html"
},
{
"name": "20101126 [eVuln.com] URL XSS in Easy Banner Free",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514905/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96154/easybannerfree-xss.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69510",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/69510"
},
{
"name": "45066",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45066"
},
{
"name": "42316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42316"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://evuln.com/vulns/148/summary.html"
},
{
"name": "20101126 [eVuln.com] URL XSS in Easy Banner Free",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514905/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96154/easybannerfree-xss.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69510",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69510"
},
{
"name": "45066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45066"
},
{
"name": "42316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42316"
},
{
"name": "http://evuln.com/vulns/148/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/148/summary.html"
},
{
"name": "20101126 [eVuln.com] URL XSS in Easy Banner Free",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514905/100/0/threaded"
},
{
"name": "http://packetstormsecurity.org/files/view/96154/easybannerfree-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96154/easybannerfree-xss.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4783",
"datePublished": "2011-04-07T14:00:00.000Z",
"dateReserved": "2011-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:28.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4828 (GCVE-0-2009-4828)
Vulnerability from nvd – Published: 2010-04-27 15:00 – Updated: 2024-08-07 07:17
VLAI
EPSS
VEX
Summary
Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/3530 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/37713 | third-party-advisoryx_refsource_SECUNIA |
| http://www.exploit-db.com/exploits/10438 | exploitx_refsource_EXPLOIT-DB |
Date Public
2009-12-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-3530",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3530"
},
{
"name": "37713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37713"
},
{
"name": "10438",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/10438"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-17T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-3530",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3530"
},
{
"name": "37713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37713"
},
{
"name": "10438",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/10438"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3530",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3530"
},
{
"name": "37713",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37713"
},
{
"name": "10438",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10438"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4828",
"datePublished": "2010-04-27T15:00:00.000Z",
"dateReserved": "2010-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:17:25.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4349 (GCVE-0-2009-4349)
Vulnerability from nvd – Published: 2009-12-17 17:00 – Updated: 2024-08-07 07:01
VLAI
EPSS
VEX
Summary
Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/3532 | vdb-entryx_refsource_VUPEN |
| http://osvdb.org/61017 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/37712 | third-party-advisoryx_refsource_SECUNIA |
| http://www.exploit-db.com/exploits/10436 | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.org/0912-exploits/link… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-12-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-3532",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3532"
},
{
"name": "61017",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61017"
},
{
"name": "37712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37712"
},
{
"name": "10436",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/10436"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0912-exploits/linkupgold-xsrf.txt"
},
{
"name": "linkupgold-administrators-csrf(54759)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54759"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-3532",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3532"
},
{
"name": "61017",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61017"
},
{
"name": "37712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37712"
},
{
"name": "10436",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/10436"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0912-exploits/linkupgold-xsrf.txt"
},
{
"name": "linkupgold-administrators-csrf(54759)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54759"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3532",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3532"
},
{
"name": "61017",
"refsource": "OSVDB",
"url": "http://osvdb.org/61017"
},
{
"name": "37712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37712"
},
{
"name": "10436",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10436"
},
{
"name": "http://packetstormsecurity.org/0912-exploits/linkupgold-xsrf.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0912-exploits/linkupgold-xsrf.txt"
},
{
"name": "linkupgold-administrators-csrf(54759)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54759"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4349",
"datePublished": "2009-12-17T17:00:00.000Z",
"dateReserved": "2009-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:01:20.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4843 (GCVE-0-2010-4843)
Vulnerability from cvelistv5 – Published: 2011-09-27 10:00 – Updated: 2024-08-07 04:02
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8395 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/45519 | vdb-entryx_refsource_BID |
| http://www.exploit-db.com/exploits/15790 | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.org/files/view/96822/p… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-12-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8395",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8395"
},
{
"name": "45519",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45519"
},
{
"name": "15790",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15790"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96822/phpwsamp-sql.txt"
},
{
"name": "admanagerpro-website-sql-injection(64222)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8395",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8395"
},
{
"name": "45519",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45519"
},
{
"name": "15790",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15790"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96822/phpwsamp-sql.txt"
},
{
"name": "admanagerpro-website-sql-injection(64222)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64222"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8395",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8395"
},
{
"name": "45519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45519"
},
{
"name": "15790",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15790"
},
{
"name": "http://packetstormsecurity.org/files/view/96822/phpwsamp-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96822/phpwsamp-sql.txt"
},
{
"name": "admanagerpro-website-sql-injection(64222)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64222"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4843",
"datePublished": "2011-09-27T10:00:00.000Z",
"dateReserved": "2011-09-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:30.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4784 (GCVE-0-2010-4784)
Vulnerability from cvelistv5 – Published: 2011-04-07 14:00 – Updated: 2024-08-07 04:02
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://evuln.com/vulns/147/summary.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/45066 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/514908/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/42316 | third-party-advisoryx_refsource_SECUNIA |
| http://packetstormsecurity.org/files/view/96153/e… | x_refsource_MISC |
| http://www.osvdb.org/69511 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/8184 | third-party-advisoryx_refsource_SREASON |
Date Public
2010-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:29.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://evuln.com/vulns/147/summary.html"
},
{
"name": "45066",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45066"
},
{
"name": "20101126 [eVuln.com] SQL injection Auth Bypass in Easy Banner Free",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514908/100/0/threaded"
},
{
"name": "42316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42316"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96153/easybannerfree-sql.txt"
},
{
"name": "69511",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/69511"
},
{
"name": "8184",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://evuln.com/vulns/147/summary.html"
},
{
"name": "45066",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45066"
},
{
"name": "20101126 [eVuln.com] SQL injection Auth Bypass in Easy Banner Free",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514908/100/0/threaded"
},
{
"name": "42316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42316"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96153/easybannerfree-sql.txt"
},
{
"name": "69511",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/69511"
},
{
"name": "8184",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8184"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://evuln.com/vulns/147/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/147/summary.html"
},
{
"name": "45066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45066"
},
{
"name": "20101126 [eVuln.com] SQL injection Auth Bypass in Easy Banner Free",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514908/100/0/threaded"
},
{
"name": "42316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42316"
},
{
"name": "http://packetstormsecurity.org/files/view/96153/easybannerfree-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96153/easybannerfree-sql.txt"
},
{
"name": "69511",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69511"
},
{
"name": "8184",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8184"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4784",
"datePublished": "2011-04-07T14:00:00.000Z",
"dateReserved": "2011-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:29.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4783 (GCVE-0-2010-4783)
Vulnerability from cvelistv5 – Published: 2011-04-07 14:00 – Updated: 2024-08-07 04:02
VLAI
EPSS
VEX
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/69510 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/45066 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/42316 | third-party-advisoryx_refsource_SECUNIA |
| http://evuln.com/vulns/148/summary.html | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/514905/100… | mailing-listx_refsource_BUGTRAQ |
| http://packetstormsecurity.org/files/view/96154/e… | x_refsource_MISC |
Date Public
2010-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:28.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69510",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/69510"
},
{
"name": "45066",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45066"
},
{
"name": "42316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42316"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://evuln.com/vulns/148/summary.html"
},
{
"name": "20101126 [eVuln.com] URL XSS in Easy Banner Free",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514905/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96154/easybannerfree-xss.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69510",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/69510"
},
{
"name": "45066",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45066"
},
{
"name": "42316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42316"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://evuln.com/vulns/148/summary.html"
},
{
"name": "20101126 [eVuln.com] URL XSS in Easy Banner Free",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514905/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96154/easybannerfree-xss.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69510",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69510"
},
{
"name": "45066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45066"
},
{
"name": "42316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42316"
},
{
"name": "http://evuln.com/vulns/148/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/148/summary.html"
},
{
"name": "20101126 [eVuln.com] URL XSS in Easy Banner Free",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514905/100/0/threaded"
},
{
"name": "http://packetstormsecurity.org/files/view/96154/easybannerfree-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96154/easybannerfree-xss.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4783",
"datePublished": "2011-04-07T14:00:00.000Z",
"dateReserved": "2011-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:28.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4828 (GCVE-0-2009-4828)
Vulnerability from cvelistv5 – Published: 2010-04-27 15:00 – Updated: 2024-08-07 07:17
VLAI
EPSS
VEX
Summary
Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/3530 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/37713 | third-party-advisoryx_refsource_SECUNIA |
| http://www.exploit-db.com/exploits/10438 | exploitx_refsource_EXPLOIT-DB |
Date Public
2009-12-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-3530",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3530"
},
{
"name": "37713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37713"
},
{
"name": "10438",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/10438"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-17T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-3530",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3530"
},
{
"name": "37713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37713"
},
{
"name": "10438",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/10438"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3530",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3530"
},
{
"name": "37713",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37713"
},
{
"name": "10438",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10438"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4828",
"datePublished": "2010-04-27T15:00:00.000Z",
"dateReserved": "2010-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:17:25.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4349 (GCVE-0-2009-4349)
Vulnerability from cvelistv5 – Published: 2009-12-17 17:00 – Updated: 2024-08-07 07:01
VLAI
EPSS
VEX
Summary
Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/3532 | vdb-entryx_refsource_VUPEN |
| http://osvdb.org/61017 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/37712 | third-party-advisoryx_refsource_SECUNIA |
| http://www.exploit-db.com/exploits/10436 | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.org/0912-exploits/link… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-12-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-3532",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3532"
},
{
"name": "61017",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61017"
},
{
"name": "37712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37712"
},
{
"name": "10436",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/10436"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0912-exploits/linkupgold-xsrf.txt"
},
{
"name": "linkupgold-administrators-csrf(54759)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54759"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-3532",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3532"
},
{
"name": "61017",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61017"
},
{
"name": "37712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37712"
},
{
"name": "10436",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/10436"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0912-exploits/linkupgold-xsrf.txt"
},
{
"name": "linkupgold-administrators-csrf(54759)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54759"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3532",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3532"
},
{
"name": "61017",
"refsource": "OSVDB",
"url": "http://osvdb.org/61017"
},
{
"name": "37712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37712"
},
{
"name": "10436",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10436"
},
{
"name": "http://packetstormsecurity.org/0912-exploits/linkupgold-xsrf.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0912-exploits/linkupgold-xsrf.txt"
},
{
"name": "linkupgold-administrators-csrf(54759)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54759"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4349",
"datePublished": "2009-12-17T17:00:00.000Z",
"dateReserved": "2009-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:01:20.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}