Search
Find a vulnerability
Search criteria
6 vulnerabilities found for activekb by interspire
CVE-2009-4957 (GCVE-0-2009-4957)
Vulnerability from nvd – Published: 2010-07-22 18:00 – Updated: 2024-08-07 07:24
VLAI
Summary
Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/34362 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.exploit-db.com/exploits/8346 | exploitx_refsource_EXPLOIT-DB |
Date Public
2009-04-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34362",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34362"
},
{
"name": "activekb-loadpanel-file-include(49646)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49646"
},
{
"name": "8346",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8346"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34362",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34362"
},
{
"name": "activekb-loadpanel-file-include(49646)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49646"
},
{
"name": "8346",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8346"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34362"
},
{
"name": "activekb-loadpanel-file-include(49646)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49646"
},
{
"name": "8346",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8346"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4957",
"datePublished": "2010-07-22T18:00:00.000Z",
"dateReserved": "2010-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:24:53.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2338 (GCVE-0-2008-2338)
Vulnerability from nvd – Published: 2008-05-19 10:00 – Updated: 2024-08-07 08:58
VLAI
Summary
Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/30265 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1020035 | vdb-entryx_refsource_SECTRACK |
| https://www.exploit-db.com/exploits/5616 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/29226 | vdb-entryx_refsource_BID |
Date Public
2008-05-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:01.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30265"
},
{
"name": "1020035",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020035"
},
{
"name": "5616",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5616"
},
{
"name": "activekb-admin-security-bypass(42427)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42427"
},
{
"name": "29226",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29226"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30265"
},
{
"name": "1020035",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020035"
},
{
"name": "5616",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5616"
},
{
"name": "activekb-admin-security-bypass(42427)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42427"
},
{
"name": "29226",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29226"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30265"
},
{
"name": "1020035",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020035"
},
{
"name": "5616",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5616"
},
{
"name": "activekb-admin-security-bypass(42427)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42427"
},
{
"name": "29226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29226"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2338",
"datePublished": "2008-05-19T10:00:00.000Z",
"dateReserved": "2008-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:58:01.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5425 (GCVE-0-2007-5425)
Vulnerability from nvd – Published: 2007-10-12 23:00 – Updated: 2024-08-07 15:31
VLAI
Summary
SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/482006/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3216 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/45486 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityvulns.ru/Rdocument901.html | x_refsource_MISC |
Date Public
2007-08-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "3216",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3216"
},
{
"name": "45486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45486"
},
{
"name": "activekb-questid-sql-injection(38202)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/Rdocument901.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "3216",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3216"
},
{
"name": "45486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45486"
},
{
"name": "activekb-questid-sql-injection(38202)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/Rdocument901.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071010 Vulnerabilities digest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "3216",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3216"
},
{
"name": "45486",
"refsource": "OSVDB",
"url": "http://osvdb.org/45486"
},
{
"name": "activekb-questid-sql-injection(38202)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38202"
},
{
"name": "http://securityvulns.ru/Rdocument901.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Rdocument901.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5425",
"datePublished": "2007-10-12T23:00:00.000Z",
"dateReserved": "2007-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:31:58.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4957 (GCVE-0-2009-4957)
Vulnerability from cvelistv5 – Published: 2010-07-22 18:00 – Updated: 2024-08-07 07:24
VLAI
Summary
Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/34362 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.exploit-db.com/exploits/8346 | exploitx_refsource_EXPLOIT-DB |
Date Public
2009-04-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34362",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34362"
},
{
"name": "activekb-loadpanel-file-include(49646)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49646"
},
{
"name": "8346",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8346"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34362",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34362"
},
{
"name": "activekb-loadpanel-file-include(49646)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49646"
},
{
"name": "8346",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8346"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34362"
},
{
"name": "activekb-loadpanel-file-include(49646)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49646"
},
{
"name": "8346",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8346"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4957",
"datePublished": "2010-07-22T18:00:00.000Z",
"dateReserved": "2010-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:24:53.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2338 (GCVE-0-2008-2338)
Vulnerability from cvelistv5 – Published: 2008-05-19 10:00 – Updated: 2024-08-07 08:58
VLAI
Summary
Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/30265 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1020035 | vdb-entryx_refsource_SECTRACK |
| https://www.exploit-db.com/exploits/5616 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/29226 | vdb-entryx_refsource_BID |
Date Public
2008-05-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:01.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30265"
},
{
"name": "1020035",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020035"
},
{
"name": "5616",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5616"
},
{
"name": "activekb-admin-security-bypass(42427)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42427"
},
{
"name": "29226",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29226"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30265"
},
{
"name": "1020035",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020035"
},
{
"name": "5616",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5616"
},
{
"name": "activekb-admin-security-bypass(42427)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42427"
},
{
"name": "29226",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29226"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30265"
},
{
"name": "1020035",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020035"
},
{
"name": "5616",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5616"
},
{
"name": "activekb-admin-security-bypass(42427)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42427"
},
{
"name": "29226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29226"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2338",
"datePublished": "2008-05-19T10:00:00.000Z",
"dateReserved": "2008-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:58:01.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5425 (GCVE-0-2007-5425)
Vulnerability from cvelistv5 – Published: 2007-10-12 23:00 – Updated: 2024-08-07 15:31
VLAI
Summary
SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/482006/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3216 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/45486 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityvulns.ru/Rdocument901.html | x_refsource_MISC |
Date Public
2007-08-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "3216",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3216"
},
{
"name": "45486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45486"
},
{
"name": "activekb-questid-sql-injection(38202)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/Rdocument901.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20071010 Vulnerabilities digest",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "3216",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3216"
},
{
"name": "45486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45486"
},
{
"name": "activekb-questid-sql-injection(38202)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/Rdocument901.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071010 Vulnerabilities digest",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482006/100/0/threaded"
},
{
"name": "3216",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3216"
},
{
"name": "45486",
"refsource": "OSVDB",
"url": "http://osvdb.org/45486"
},
{
"name": "activekb-questid-sql-injection(38202)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38202"
},
{
"name": "http://securityvulns.ru/Rdocument901.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Rdocument901.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5425",
"datePublished": "2007-10-12T23:00:00.000Z",
"dateReserved": "2007-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:31:58.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}