Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities by quickersite
CVE-2008-6678 (GCVE-0-2008-6678)
Vulnerability from nvd – Published: 2009-04-08 10:00 – Updated: 2024-08-07 11:41
VLAI
Summary
SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.bugreport.ir/39/exploit.htm | x_refsource_MISC |
| http://osvdb.org/46228 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.bugreport.ir/index_39.htm | x_refsource_MISC |
| http://secunia.com/advisories/30501 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29524 | vdb-entryx_refsource_BID |
Date Public
2008-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "46228",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46228"
},
{
"name": "quickersite-snickname-sql-injection(42866)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42866"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "46228",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46228"
},
{
"name": "quickersite-snickname-sql-injection(42866)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42866"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugreport.ir/39/exploit.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "46228",
"refsource": "OSVDB",
"url": "http://osvdb.org/46228"
},
{
"name": "quickersite-snickname-sql-injection(42866)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42866"
},
{
"name": "http://www.bugreport.ir/index_39.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6678",
"datePublished": "2009-04-08T10:00:00.000Z",
"dateReserved": "2009-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6677 (GCVE-0-2008-6677)
Vulnerability from nvd – Published: 2009-04-08 10:00 – Updated: 2024-08-07 11:41
VLAI
Summary
Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.bugreport.ir/39/exploit.htm | x_refsource_MISC |
| http://www.bugreport.ir/index_39.htm | x_refsource_MISC |
| http://secunia.com/advisories/30501 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29524 | vdb-entryx_refsource_BID |
Date Public
2008-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:58.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-23T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugreport.ir/39/exploit.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "http://www.bugreport.ir/index_39.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6677",
"datePublished": "2009-04-08T10:00:00.000Z",
"dateReserved": "2009-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:58.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6676 (GCVE-0-2008-6676)
Vulnerability from nvd – Published: 2009-04-08 10:00 – Updated: 2024-08-07 11:41
VLAI
Summary
QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.bugreport.ir/39/exploit.htm | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.bugreport.ir/index_39.htm | x_refsource_MISC |
| http://secunia.com/advisories/30501 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29524 | vdb-entryx_refsource_BID |
| http://osvdb.org/46222 | vdb-entryx_refsource_OSVDB |
Date Public
2008-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "quickersite-showthumb-path-disclosure(42861)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29524"
},
{
"name": "46222",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "quickersite-showthumb-path-disclosure(42861)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29524"
},
{
"name": "46222",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46222"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugreport.ir/39/exploit.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "quickersite-showthumb-path-disclosure(42861)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42861"
},
{
"name": "http://www.bugreport.ir/index_39.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29524"
},
{
"name": "46222",
"refsource": "OSVDB",
"url": "http://osvdb.org/46222"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6676",
"datePublished": "2009-04-08T10:00:00.000Z",
"dateReserved": "2009-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6675 (GCVE-0-2008-6675)
Vulnerability from nvd – Published: 2009-04-08 10:00 – Updated: 2024-08-07 11:41
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.bugreport.ir/39/exploit.htm | x_refsource_MISC |
| http://osvdb.org/46221 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.bugreport.ir/index_39.htm | x_refsource_MISC |
| http://secunia.com/advisories/30501 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29524 | vdb-entryx_refsource_BID |
Date Public
2008-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "46221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46221"
},
{
"name": "quickersite-showthumb-xss(42860)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42860"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "46221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46221"
},
{
"name": "quickersite-showthumb-xss(42860)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42860"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugreport.ir/39/exploit.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "46221",
"refsource": "OSVDB",
"url": "http://osvdb.org/46221"
},
{
"name": "quickersite-showthumb-xss(42860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42860"
},
{
"name": "http://www.bugreport.ir/index_39.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6675",
"datePublished": "2009-04-08T10:00:00.000Z",
"dateReserved": "2009-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6674 (GCVE-0-2008-6674)
Vulnerability from nvd – Published: 2009-04-08 10:00 – Updated: 2024-08-07 11:41
VLAI
Summary
mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.bugreport.ir/39/exploit.htm | x_refsource_MISC |
| http://www.bugreport.ir/index_39.htm | x_refsource_MISC |
| http://secunia.com/advisories/30501 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29524 | vdb-entryx_refsource_BID |
Date Public
2008-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-23T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugreport.ir/39/exploit.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "http://www.bugreport.ir/index_39.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6674",
"datePublished": "2009-04-08T10:00:00.000Z",
"dateReserved": "2009-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6673 (GCVE-0-2008-6673)
Vulnerability from nvd – Published: 2009-04-08 10:00 – Updated: 2024-08-07 11:41
VLAI
Summary
asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.bugreport.ir/39/exploit.htm | x_refsource_MISC |
| http://www.bugreport.ir/index_39.htm | x_refsource_MISC |
| http://secunia.com/advisories/30501 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29524 | vdb-entryx_refsource_BID |
Date Public
2008-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-23T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugreport.ir/39/exploit.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "http://www.bugreport.ir/index_39.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6673",
"datePublished": "2009-04-08T10:00:00.000Z",
"dateReserved": "2009-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3940 (GCVE-0-2007-3940)
Vulnerability from nvd – Published: 2007-07-21 00:00 – Updated: 2024-08-07 14:37
VLAI
Summary
Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/24948 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/26094 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/2910 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://packetstormsecurity.org/0707-advisories/qu… | x_refsource_MISC |
Date Public
2007-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:05.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24948",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24948"
},
{
"name": "26094",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26094"
},
{
"name": "2910",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2910"
},
{
"name": "quickersite-default-xss(35470)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0707-advisories/quickersite-xss.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24948",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24948"
},
{
"name": "26094",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26094"
},
{
"name": "2910",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2910"
},
{
"name": "quickersite-default-xss(35470)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0707-advisories/quickersite-xss.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24948"
},
{
"name": "26094",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26094"
},
{
"name": "2910",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2910"
},
{
"name": "quickersite-default-xss(35470)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35470"
},
{
"name": "http://packetstormsecurity.org/0707-advisories/quickersite-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0707-advisories/quickersite-xss.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3940",
"datePublished": "2007-07-21T00:00:00.000Z",
"dateReserved": "2007-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:05.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6677 (GCVE-0-2008-6677)
Vulnerability from cvelistv5 – Published: 2009-04-08 10:00 – Updated: 2024-08-07 11:41
VLAI
Summary
Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.bugreport.ir/39/exploit.htm | x_refsource_MISC |
| http://www.bugreport.ir/index_39.htm | x_refsource_MISC |
| http://secunia.com/advisories/30501 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29524 | vdb-entryx_refsource_BID |
Date Public
2008-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:58.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-23T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugreport.ir/39/exploit.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "http://www.bugreport.ir/index_39.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6677",
"datePublished": "2009-04-08T10:00:00.000Z",
"dateReserved": "2009-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:58.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6678 (GCVE-0-2008-6678)
Vulnerability from cvelistv5 – Published: 2009-04-08 10:00 – Updated: 2024-08-07 11:41
VLAI
Summary
SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.bugreport.ir/39/exploit.htm | x_refsource_MISC |
| http://osvdb.org/46228 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.bugreport.ir/index_39.htm | x_refsource_MISC |
| http://secunia.com/advisories/30501 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29524 | vdb-entryx_refsource_BID |
Date Public
2008-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "46228",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46228"
},
{
"name": "quickersite-snickname-sql-injection(42866)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42866"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "46228",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46228"
},
{
"name": "quickersite-snickname-sql-injection(42866)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42866"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugreport.ir/39/exploit.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "46228",
"refsource": "OSVDB",
"url": "http://osvdb.org/46228"
},
{
"name": "quickersite-snickname-sql-injection(42866)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42866"
},
{
"name": "http://www.bugreport.ir/index_39.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6678",
"datePublished": "2009-04-08T10:00:00.000Z",
"dateReserved": "2009-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6674 (GCVE-0-2008-6674)
Vulnerability from cvelistv5 – Published: 2009-04-08 10:00 – Updated: 2024-08-07 11:41
VLAI
Summary
mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.bugreport.ir/39/exploit.htm | x_refsource_MISC |
| http://www.bugreport.ir/index_39.htm | x_refsource_MISC |
| http://secunia.com/advisories/30501 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29524 | vdb-entryx_refsource_BID |
Date Public
2008-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-23T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugreport.ir/39/exploit.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "http://www.bugreport.ir/index_39.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6674",
"datePublished": "2009-04-08T10:00:00.000Z",
"dateReserved": "2009-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6675 (GCVE-0-2008-6675)
Vulnerability from cvelistv5 – Published: 2009-04-08 10:00 – Updated: 2024-08-07 11:41
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.bugreport.ir/39/exploit.htm | x_refsource_MISC |
| http://osvdb.org/46221 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.bugreport.ir/index_39.htm | x_refsource_MISC |
| http://secunia.com/advisories/30501 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29524 | vdb-entryx_refsource_BID |
Date Public
2008-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "46221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46221"
},
{
"name": "quickersite-showthumb-xss(42860)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42860"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "46221",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46221"
},
{
"name": "quickersite-showthumb-xss(42860)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42860"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugreport.ir/39/exploit.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "46221",
"refsource": "OSVDB",
"url": "http://osvdb.org/46221"
},
{
"name": "quickersite-showthumb-xss(42860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42860"
},
{
"name": "http://www.bugreport.ir/index_39.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6675",
"datePublished": "2009-04-08T10:00:00.000Z",
"dateReserved": "2009-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6673 (GCVE-0-2008-6673)
Vulnerability from cvelistv5 – Published: 2009-04-08 10:00 – Updated: 2024-08-07 11:41
VLAI
Summary
asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.bugreport.ir/39/exploit.htm | x_refsource_MISC |
| http://www.bugreport.ir/index_39.htm | x_refsource_MISC |
| http://secunia.com/advisories/30501 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29524 | vdb-entryx_refsource_BID |
Date Public
2008-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-23T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugreport.ir/39/exploit.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "http://www.bugreport.ir/index_39.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6673",
"datePublished": "2009-04-08T10:00:00.000Z",
"dateReserved": "2009-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6676 (GCVE-0-2008-6676)
Vulnerability from cvelistv5 – Published: 2009-04-08 10:00 – Updated: 2024-08-07 11:41
VLAI
Summary
QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.bugreport.ir/39/exploit.htm | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.bugreport.ir/index_39.htm | x_refsource_MISC |
| http://secunia.com/advisories/30501 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29524 | vdb-entryx_refsource_BID |
| http://osvdb.org/46222 | vdb-entryx_refsource_OSVDB |
Date Public
2008-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "quickersite-showthumb-path-disclosure(42861)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29524"
},
{
"name": "46222",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "quickersite-showthumb-path-disclosure(42861)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29524"
},
{
"name": "46222",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46222"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QuickerSite 1.8.5 allows remote attackers to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugreport.ir/39/exploit.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/39/exploit.htm"
},
{
"name": "quickersite-showthumb-path-disclosure(42861)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42861"
},
{
"name": "http://www.bugreport.ir/index_39.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_39.htm"
},
{
"name": "30501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30501"
},
{
"name": "29524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29524"
},
{
"name": "46222",
"refsource": "OSVDB",
"url": "http://osvdb.org/46222"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6676",
"datePublished": "2009-04-08T10:00:00.000Z",
"dateReserved": "2009-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3940 (GCVE-0-2007-3940)
Vulnerability from cvelistv5 – Published: 2007-07-21 00:00 – Updated: 2024-08-07 14:37
VLAI
Summary
Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/24948 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/26094 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/2910 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://packetstormsecurity.org/0707-advisories/qu… | x_refsource_MISC |
Date Public
2007-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:05.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24948",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24948"
},
{
"name": "26094",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26094"
},
{
"name": "2910",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2910"
},
{
"name": "quickersite-default-xss(35470)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0707-advisories/quickersite-xss.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24948",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24948"
},
{
"name": "26094",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26094"
},
{
"name": "2910",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2910"
},
{
"name": "quickersite-default-xss(35470)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0707-advisories/quickersite-xss.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24948"
},
{
"name": "26094",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26094"
},
{
"name": "2910",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2910"
},
{
"name": "quickersite-default-xss(35470)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35470"
},
{
"name": "http://packetstormsecurity.org/0707-advisories/quickersite-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0707-advisories/quickersite-xss.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3940",
"datePublished": "2007-07-21T00:00:00.000Z",
"dateReserved": "2007-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:05.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}