Search
Find a vulnerability
Search criteria
8 vulnerabilities found for butterfly_organizer by butterflymedia
CVE-2008-7181 (GCVE-0-2008-7181)
Vulnerability from nvd – Published: 2009-09-08 10:00 – Updated: 2024-08-07 11:56
VLAI
Summary
Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/5800 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/29703 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-06-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5800",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5800"
},
{
"name": "29703",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29703"
},
{
"name": "butterfly-categorydelete-security-bypass(43067)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5800",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5800"
},
{
"name": "29703",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29703"
},
{
"name": "butterfly-categorydelete-security-bypass(43067)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5800",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5800"
},
{
"name": "29703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29703"
},
{
"name": "butterfly-categorydelete-security-bypass(43067)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7181",
"datePublished": "2009-09-08T10:00:00.000Z",
"dateReserved": "2009-09-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6700 (GCVE-0-2008-6700)
Vulnerability from nvd – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:41
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/5797 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/29700 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-06-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5797"
},
{
"name": "29700",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29700"
},
{
"name": "butterfly-mytable-xss(43066)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43066"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5797"
},
{
"name": "29700",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29700"
},
{
"name": "butterfly-mytable-xss(43066)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43066"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5797",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5797"
},
{
"name": "29700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29700"
},
{
"name": "butterfly-mytable-xss(43066)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43066"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6700",
"datePublished": "2009-04-10T15:00:00.000Z",
"dateReserved": "2009-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6328 (GCVE-0-2008-6328)
Vulnerability from nvd – Published: 2009-02-27 11:00 – Updated: 2024-08-07 11:27
VLAI
Summary
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/5797 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/29700 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/7411 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/33086 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-06-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5797"
},
{
"name": "29700",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29700"
},
{
"name": "7411",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7411"
},
{
"name": "33086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5797"
},
{
"name": "29700",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29700"
},
{
"name": "7411",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7411"
},
{
"name": "33086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5797",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5797"
},
{
"name": "29700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29700"
},
{
"name": "7411",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7411"
},
{
"name": "33086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6328",
"datePublished": "2009-02-27T11:00:00.000Z",
"dateReserved": "2009-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:27:35.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6311 (GCVE-0-2008-6311)
Vulnerability from nvd – Published: 2009-02-27 11:00 – Updated: 2024-08-07 11:27
VLAI
Summary
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/7411 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/33086 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-12-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "butterfly-mytable-sql-injection(49012)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49012"
},
{
"name": "7411",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7411"
},
{
"name": "33086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "butterfly-mytable-sql-injection(49012)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49012"
},
{
"name": "7411",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7411"
},
{
"name": "33086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "butterfly-mytable-sql-injection(49012)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49012"
},
{
"name": "7411",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7411"
},
{
"name": "33086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6311",
"datePublished": "2009-02-27T11:00:00.000Z",
"dateReserved": "2009-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:27:35.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7181 (GCVE-0-2008-7181)
Vulnerability from cvelistv5 – Published: 2009-09-08 10:00 – Updated: 2024-08-07 11:56
VLAI
Summary
Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/5800 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/29703 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-06-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5800",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5800"
},
{
"name": "29703",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29703"
},
{
"name": "butterfly-categorydelete-security-bypass(43067)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5800",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5800"
},
{
"name": "29703",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29703"
},
{
"name": "butterfly-categorydelete-security-bypass(43067)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5800",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5800"
},
{
"name": "29703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29703"
},
{
"name": "butterfly-categorydelete-security-bypass(43067)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7181",
"datePublished": "2009-09-08T10:00:00.000Z",
"dateReserved": "2009-09-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6700 (GCVE-0-2008-6700)
Vulnerability from cvelistv5 – Published: 2009-04-10 15:00 – Updated: 2024-08-07 11:41
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/5797 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/29700 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-06-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5797"
},
{
"name": "29700",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29700"
},
{
"name": "butterfly-mytable-xss(43066)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43066"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5797"
},
{
"name": "29700",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29700"
},
{
"name": "butterfly-mytable-xss(43066)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43066"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5797",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5797"
},
{
"name": "29700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29700"
},
{
"name": "butterfly-mytable-xss(43066)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43066"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6700",
"datePublished": "2009-04-10T15:00:00.000Z",
"dateReserved": "2009-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:41:59.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6328 (GCVE-0-2008-6328)
Vulnerability from cvelistv5 – Published: 2009-02-27 11:00 – Updated: 2024-08-07 11:27
VLAI
Summary
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/5797 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/29700 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/7411 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/33086 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-06-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5797"
},
{
"name": "29700",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29700"
},
{
"name": "7411",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7411"
},
{
"name": "33086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5797",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5797"
},
{
"name": "29700",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29700"
},
{
"name": "7411",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7411"
},
{
"name": "33086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5797",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5797"
},
{
"name": "29700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29700"
},
{
"name": "7411",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7411"
},
{
"name": "33086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6328",
"datePublished": "2009-02-27T11:00:00.000Z",
"dateReserved": "2009-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:27:35.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6311 (GCVE-0-2008-6311)
Vulnerability from cvelistv5 – Published: 2009-02-27 11:00 – Updated: 2024-08-07 11:27
VLAI
Summary
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/7411 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/33086 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-12-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "butterfly-mytable-sql-injection(49012)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49012"
},
{
"name": "7411",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7411"
},
{
"name": "33086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "butterfly-mytable-sql-injection(49012)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49012"
},
{
"name": "7411",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7411"
},
{
"name": "33086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "butterfly-mytable-sql-injection(49012)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49012"
},
{
"name": "7411",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7411"
},
{
"name": "33086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6311",
"datePublished": "2009-02-27T11:00:00.000Z",
"dateReserved": "2009-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:27:35.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}