8 vulnerabilities found for aims by oneorzero
CVE-2011-4215 (GCVE-0-2011-4215)
Vulnerability from nvd – Published: 2011-11-01 19:00 – Updated: 2024-08-07 00:01
VLAI
Summary
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://en.securitylab.ru/lab/PT-2011-21 | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/800227 | third-party-advisory, x_refsource_CERT-VN |
| http://www.securityfocus.com/bid/50107 | vdb-entry, x_refsource_BID |
Date Public
2011-10-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/lab/PT-2011-21"
},
{
"name": "VU#800227",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800227"
},
{
"name": "50107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action \u0026 Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-27T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/lab/PT-2011-21"
},
{
"name": "VU#800227",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800227"
},
{
"name": "50107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action \u0026 Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.securitylab.ru/lab/PT-2011-21",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2011-21"
},
{
"name": "VU#800227",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800227"
},
{
"name": "50107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4215",
"datePublished": "2011-11-01T19:00:00.000Z",
"dateReserved": "2011-11-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:01:51.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4214 (GCVE-0-2011-4214)
Vulnerability from nvd – Published: 2011-11-01 19:00 – Updated: 2024-08-07 00:01
VLAI
Summary
OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://en.securitylab.ru/lab/PT-2011-20 | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/800227 | third-party-advisory, x_refsource_CERT-VN |
| http://www.securityfocus.com/bid/50107 | vdb-entry, x_refsource_BID |
Date Public
2011-10-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/lab/PT-2011-20"
},
{
"name": "VU#800227",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800227"
},
{
"name": "50107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OneOrZero Action \u0026 Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-27T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/lab/PT-2011-20"
},
{
"name": "VU#800227",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800227"
},
{
"name": "50107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OneOrZero Action \u0026 Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.securitylab.ru/lab/PT-2011-20",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2011-20"
},
{
"name": "VU#800227",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800227"
},
{
"name": "50107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4214",
"datePublished": "2011-11-01T19:00:00.000Z",
"dateReserved": "2011-11-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:01:51.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4835 (GCVE-0-2010-4835)
Vulnerability from nvd – Published: 2011-09-13 21:00 – Updated: 2024-08-07 04:02
VLAI
Summary
Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8375 | third-party-advisory, x_refsource_SREASON |
| http://packetstormsecurity.org/files/view/95814/o… | x_refsource_MISC |
| http://www.exploit-db.com/exploits/15519 | exploit, x_refsource_EXPLOIT-DB |
| http://www.xenuser.org/documents/security/OneOrZe… | x_refsource_MISC |
Date Public
2010-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:29.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8375",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8375"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt"
},
{
"name": "15519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15519"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8375",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8375"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt"
},
{
"name": "15519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15519"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8375",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8375"
},
{
"name": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt"
},
{
"name": "15519",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15519"
},
{
"name": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt",
"refsource": "MISC",
"url": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4835",
"datePublished": "2011-09-13T21:00:00.000Z",
"dateReserved": "2011-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:29.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4834 (GCVE-0-2010-4834)
Vulnerability from nvd – Published: 2011-09-13 21:00 – Updated: 2024-08-07 04:02
VLAI
Summary
Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8375 | third-party-advisory, x_refsource_SREASON |
| http://packetstormsecurity.org/files/view/95814/o… | x_refsource_MISC |
| http://www.exploit-db.com/exploits/15519 | exploit, x_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/42251 | third-party-advisory, x_refsource_SECUNIA |
| http://www.xenuser.org/documents/security/OneOrZe… | x_refsource_MISC |
Date Public
2010-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8375",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8375"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt"
},
{
"name": "15519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15519"
},
{
"name": "42251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8375",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8375"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt"
},
{
"name": "15519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15519"
},
{
"name": "42251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8375",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8375"
},
{
"name": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt"
},
{
"name": "15519",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15519"
},
{
"name": "42251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42251"
},
{
"name": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt",
"refsource": "MISC",
"url": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4834",
"datePublished": "2011-09-13T21:00:00.000Z",
"dateReserved": "2011-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:30.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4215 (GCVE-0-2011-4215)
Vulnerability from cvelistv5 – Published: 2011-11-01 19:00 – Updated: 2024-08-07 00:01
VLAI
Summary
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://en.securitylab.ru/lab/PT-2011-21 | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/800227 | third-party-advisory, x_refsource_CERT-VN |
| http://www.securityfocus.com/bid/50107 | vdb-entry, x_refsource_BID |
Date Public
2011-10-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/lab/PT-2011-21"
},
{
"name": "VU#800227",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800227"
},
{
"name": "50107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action \u0026 Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-27T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/lab/PT-2011-21"
},
{
"name": "VU#800227",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800227"
},
{
"name": "50107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action \u0026 Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.securitylab.ru/lab/PT-2011-21",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2011-21"
},
{
"name": "VU#800227",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800227"
},
{
"name": "50107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4215",
"datePublished": "2011-11-01T19:00:00.000Z",
"dateReserved": "2011-11-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:01:51.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4214 (GCVE-0-2011-4214)
Vulnerability from cvelistv5 – Published: 2011-11-01 19:00 – Updated: 2024-08-07 00:01
VLAI
Summary
OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://en.securitylab.ru/lab/PT-2011-20 | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/800227 | third-party-advisory, x_refsource_CERT-VN |
| http://www.securityfocus.com/bid/50107 | vdb-entry, x_refsource_BID |
Date Public
2011-10-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/lab/PT-2011-20"
},
{
"name": "VU#800227",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800227"
},
{
"name": "50107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OneOrZero Action \u0026 Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-27T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/lab/PT-2011-20"
},
{
"name": "VU#800227",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800227"
},
{
"name": "50107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OneOrZero Action \u0026 Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.securitylab.ru/lab/PT-2011-20",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2011-20"
},
{
"name": "VU#800227",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800227"
},
{
"name": "50107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4214",
"datePublished": "2011-11-01T19:00:00.000Z",
"dateReserved": "2011-11-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:01:51.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4834 (GCVE-0-2010-4834)
Vulnerability from cvelistv5 – Published: 2011-09-13 21:00 – Updated: 2024-08-07 04:02
VLAI
Summary
Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8375 | third-party-advisory, x_refsource_SREASON |
| http://packetstormsecurity.org/files/view/95814/o… | x_refsource_MISC |
| http://www.exploit-db.com/exploits/15519 | exploit, x_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/42251 | third-party-advisory, x_refsource_SECUNIA |
| http://www.xenuser.org/documents/security/OneOrZe… | x_refsource_MISC |
Date Public
2010-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8375",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8375"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt"
},
{
"name": "15519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15519"
},
{
"name": "42251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8375",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8375"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt"
},
{
"name": "15519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15519"
},
{
"name": "42251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8375",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8375"
},
{
"name": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt"
},
{
"name": "15519",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15519"
},
{
"name": "42251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42251"
},
{
"name": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt",
"refsource": "MISC",
"url": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4834",
"datePublished": "2011-09-13T21:00:00.000Z",
"dateReserved": "2011-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:30.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4835 (GCVE-0-2010-4835)
Vulnerability from cvelistv5 – Published: 2011-09-13 21:00 – Updated: 2024-08-07 04:02
VLAI
Summary
Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8375 | third-party-advisory, x_refsource_SREASON |
| http://packetstormsecurity.org/files/view/95814/o… | x_refsource_MISC |
| http://www.exploit-db.com/exploits/15519 | exploit, x_refsource_EXPLOIT-DB |
| http://www.xenuser.org/documents/security/OneOrZe… | x_refsource_MISC |
Date Public
2010-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:29.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8375",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8375"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt"
},
{
"name": "15519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15519"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8375",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8375"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt"
},
{
"name": "15519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15519"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8375",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8375"
},
{
"name": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt"
},
{
"name": "15519",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15519"
},
{
"name": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt",
"refsource": "MISC",
"url": "http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4835",
"datePublished": "2011-09-13T21:00:00.000Z",
"dateReserved": "2011-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:29.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}