Search
Find a vulnerability
Search criteria
12 vulnerabilities found for interact by interact
CVE-2008-2220 (GCVE-0-2008-2220)
Vulnerability from nvd – Published: 2008-05-14 18:00 – Updated: 2024-08-07 08:49
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28996 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/5526 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-04-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:58.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28996"
},
{
"name": "5526",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5526"
},
{
"name": "interact-embedforum-file-include(42113)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42113"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28996"
},
{
"name": "5526",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5526"
},
{
"name": "interact-embedforum-file-include(42113)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42113"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28996"
},
{
"name": "5526",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5526"
},
{
"name": "interact-embedforum-file-include(42113)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42113"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2220",
"datePublished": "2008-05-14T18:00:00.000Z",
"dateReserved": "2008-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:49:58.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4177 (GCVE-0-2007-4177)
Vulnerability from nvd – Published: 2007-08-08 01:11 – Updated: 2024-08-07 14:46
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://osvdb.org/36440 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://cce-interact.cvs.sourceforge.net/cce-inter… | x_refsource_MISC |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/25173 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/26304 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36440",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36440"
},
{
"name": "interact-unspecified-xss(35765)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35765"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cce-interact.cvs.sourceforge.net/cce-interact/Interact/includes/common.inc.php?r1=1.259\u0026r2=1.260"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=528858\u0026group_id=69681"
},
{
"name": "25173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25173"
},
{
"name": "26304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26304"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36440",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36440"
},
{
"name": "interact-unspecified-xss(35765)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35765"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cce-interact.cvs.sourceforge.net/cce-interact/Interact/includes/common.inc.php?r1=1.259\u0026r2=1.260"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=528858\u0026group_id=69681"
},
{
"name": "25173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25173"
},
{
"name": "26304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26304"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36440",
"refsource": "OSVDB",
"url": "http://osvdb.org/36440"
},
{
"name": "interact-unspecified-xss(35765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35765"
},
{
"name": "http://cce-interact.cvs.sourceforge.net/cce-interact/Interact/includes/common.inc.php?r1=1.259\u0026r2=1.260",
"refsource": "MISC",
"url": "http://cce-interact.cvs.sourceforge.net/cce-interact/Interact/includes/common.inc.php?r1=1.259\u0026r2=1.260"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=528858\u0026group_id=69681",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=528858\u0026group_id=69681"
},
{
"name": "25173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25173"
},
{
"name": "26304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26304"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4177",
"datePublished": "2007-08-08T01:11:00.000Z",
"dateReserved": "2007-08-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:46:39.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3328 (GCVE-0-2007-3328)
Vulnerability from nvd – Published: 2007-06-21 18:00 – Updated: 2024-08-07 14:14
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://osvdb.org/36921 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/36924 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/36925 | vdb-entryx_refsource_OSVDB |
| http://pridels-team.blogspot.com/2007/06/interact… | x_refsource_MISC |
| http://osvdb.org/36923 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/36922 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/36927 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/24573 | vdb-entryx_refsource_BID |
| http://osvdb.org/36929 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/36926 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/36928 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-06-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36921"
},
{
"name": "36924",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36924"
},
{
"name": "36925",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36925"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels-team.blogspot.com/2007/06/interact-multiple-xss-vuln.html"
},
{
"name": "36923",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36923"
},
{
"name": "36922",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36922"
},
{
"name": "36927",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36927"
},
{
"name": "24573",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24573"
},
{
"name": "36929",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36929"
},
{
"name": "36926",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36926"
},
{
"name": "36928",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36928"
},
{
"name": "interact-multiple-xss(34958)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34958"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36921"
},
{
"name": "36924",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36924"
},
{
"name": "36925",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36925"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels-team.blogspot.com/2007/06/interact-multiple-xss-vuln.html"
},
{
"name": "36923",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36923"
},
{
"name": "36922",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36922"
},
{
"name": "36927",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36927"
},
{
"name": "24573",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24573"
},
{
"name": "36929",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36929"
},
{
"name": "36926",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36926"
},
{
"name": "36928",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36928"
},
{
"name": "interact-multiple-xss(34958)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34958"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36921",
"refsource": "OSVDB",
"url": "http://osvdb.org/36921"
},
{
"name": "36924",
"refsource": "OSVDB",
"url": "http://osvdb.org/36924"
},
{
"name": "36925",
"refsource": "OSVDB",
"url": "http://osvdb.org/36925"
},
{
"name": "http://pridels-team.blogspot.com/2007/06/interact-multiple-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2007/06/interact-multiple-xss-vuln.html"
},
{
"name": "36923",
"refsource": "OSVDB",
"url": "http://osvdb.org/36923"
},
{
"name": "36922",
"refsource": "OSVDB",
"url": "http://osvdb.org/36922"
},
{
"name": "36927",
"refsource": "OSVDB",
"url": "http://osvdb.org/36927"
},
{
"name": "24573",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24573"
},
{
"name": "36929",
"refsource": "OSVDB",
"url": "http://osvdb.org/36929"
},
{
"name": "36926",
"refsource": "OSVDB",
"url": "http://osvdb.org/36926"
},
{
"name": "36928",
"refsource": "OSVDB",
"url": "http://osvdb.org/36928"
},
{
"name": "interact-multiple-xss(34958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34958"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3328",
"datePublished": "2007-06-21T18:00:00.000Z",
"dateReserved": "2007-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:14:12.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1644 (GCVE-0-2006-1644)
Vulnerability from nvd – Published: 2006-04-06 10:00 – Updated: 2024-08-07 17:19
VLAI
Summary
login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/19488 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/1244 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/24388 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-04-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:49.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19488"
},
{
"name": "ADV-2006-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1244"
},
{
"name": "24388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24388"
},
{
"name": "interact-login-error-info-disclosure(25651)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25651"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19488"
},
{
"name": "ADV-2006-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1244"
},
{
"name": "24388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24388"
},
{
"name": "interact-login-error-info-disclosure(25651)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25651"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19488"
},
{
"name": "ADV-2006-1244",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1244"
},
{
"name": "24388",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24388"
},
{
"name": "interact-login-error-info-disclosure(25651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25651"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1644",
"datePublished": "2006-04-06T10:00:00.000Z",
"dateReserved": "2006-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:19:49.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1642 (GCVE-0-2006-1642)
Vulnerability from nvd – Published: 2006-04-06 10:00 – Updated: 2024-08-07 17:19
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition, the lack of precision in the third party descriptions makes it unclear whether the named vectors are correct.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/19488 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/24461 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/24389 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2006/1244 | vdb-entryx_refsource_VUPEN |
Date Public
2006-04-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:48.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19488"
},
{
"name": "24461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24461"
},
{
"name": "interact-search-xss(25652)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25652"
},
{
"name": "24389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24389"
},
{
"name": "ADV-2006-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1244"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition, the lack of precision in the third party descriptions makes it unclear whether the named vectors are correct."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19488"
},
{
"name": "24461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24461"
},
{
"name": "interact-search-xss(25652)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25652"
},
{
"name": "24389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24389"
},
{
"name": "ADV-2006-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1244"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition, the lack of precision in the third party descriptions makes it unclear whether the named vectors are correct."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19488"
},
{
"name": "24461",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24461"
},
{
"name": "interact-search-xss(25652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25652"
},
{
"name": "24389",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24389"
},
{
"name": "ADV-2006-1244",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1244"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1642",
"datePublished": "2006-04-06T10:00:00.000Z",
"dateReserved": "2006-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:19:48.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1643 (GCVE-0-2006-1643)
Vulnerability from nvd – Published: 2006-04-06 10:00 – Updated: 2024-08-07 17:19
VLAI
Summary
SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/19488 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/17385 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/1244 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/24390 | vdb-entryx_refsource_OSVDB |
Date Public
2006-04-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:48.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19488"
},
{
"name": "17385",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17385"
},
{
"name": "interact-login-sql-injection(25653)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25653"
},
{
"name": "ADV-2006-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1244"
},
{
"name": "24390",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24390"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19488"
},
{
"name": "17385",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17385"
},
{
"name": "interact-login-sql-injection(25653)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25653"
},
{
"name": "ADV-2006-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1244"
},
{
"name": "24390",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24390"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19488"
},
{
"name": "17385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17385"
},
{
"name": "interact-login-sql-injection(25653)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25653"
},
{
"name": "ADV-2006-1244",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1244"
},
{
"name": "24390",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24390"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1643",
"datePublished": "2006-04-06T10:00:00.000Z",
"dateReserved": "2006-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:19:48.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2220 (GCVE-0-2008-2220)
Vulnerability from cvelistv5 – Published: 2008-05-14 18:00 – Updated: 2024-08-07 08:49
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28996 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/5526 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-04-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:58.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28996"
},
{
"name": "5526",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5526"
},
{
"name": "interact-embedforum-file-include(42113)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42113"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28996"
},
{
"name": "5526",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5526"
},
{
"name": "interact-embedforum-file-include(42113)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42113"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28996"
},
{
"name": "5526",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5526"
},
{
"name": "interact-embedforum-file-include(42113)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42113"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2220",
"datePublished": "2008-05-14T18:00:00.000Z",
"dateReserved": "2008-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:49:58.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4177 (GCVE-0-2007-4177)
Vulnerability from cvelistv5 – Published: 2007-08-08 01:11 – Updated: 2024-08-07 14:46
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://osvdb.org/36440 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://cce-interact.cvs.sourceforge.net/cce-inter… | x_refsource_MISC |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/25173 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/26304 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36440",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36440"
},
{
"name": "interact-unspecified-xss(35765)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35765"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cce-interact.cvs.sourceforge.net/cce-interact/Interact/includes/common.inc.php?r1=1.259\u0026r2=1.260"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=528858\u0026group_id=69681"
},
{
"name": "25173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25173"
},
{
"name": "26304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26304"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36440",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36440"
},
{
"name": "interact-unspecified-xss(35765)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35765"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cce-interact.cvs.sourceforge.net/cce-interact/Interact/includes/common.inc.php?r1=1.259\u0026r2=1.260"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=528858\u0026group_id=69681"
},
{
"name": "25173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25173"
},
{
"name": "26304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26304"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36440",
"refsource": "OSVDB",
"url": "http://osvdb.org/36440"
},
{
"name": "interact-unspecified-xss(35765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35765"
},
{
"name": "http://cce-interact.cvs.sourceforge.net/cce-interact/Interact/includes/common.inc.php?r1=1.259\u0026r2=1.260",
"refsource": "MISC",
"url": "http://cce-interact.cvs.sourceforge.net/cce-interact/Interact/includes/common.inc.php?r1=1.259\u0026r2=1.260"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=528858\u0026group_id=69681",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=528858\u0026group_id=69681"
},
{
"name": "25173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25173"
},
{
"name": "26304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26304"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4177",
"datePublished": "2007-08-08T01:11:00.000Z",
"dateReserved": "2007-08-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:46:39.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3328 (GCVE-0-2007-3328)
Vulnerability from cvelistv5 – Published: 2007-06-21 18:00 – Updated: 2024-08-07 14:14
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://osvdb.org/36921 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/36924 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/36925 | vdb-entryx_refsource_OSVDB |
| http://pridels-team.blogspot.com/2007/06/interact… | x_refsource_MISC |
| http://osvdb.org/36923 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/36922 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/36927 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/24573 | vdb-entryx_refsource_BID |
| http://osvdb.org/36929 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/36926 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/36928 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-06-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36921"
},
{
"name": "36924",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36924"
},
{
"name": "36925",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36925"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels-team.blogspot.com/2007/06/interact-multiple-xss-vuln.html"
},
{
"name": "36923",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36923"
},
{
"name": "36922",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36922"
},
{
"name": "36927",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36927"
},
{
"name": "24573",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24573"
},
{
"name": "36929",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36929"
},
{
"name": "36926",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36926"
},
{
"name": "36928",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36928"
},
{
"name": "interact-multiple-xss(34958)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34958"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36921"
},
{
"name": "36924",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36924"
},
{
"name": "36925",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36925"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels-team.blogspot.com/2007/06/interact-multiple-xss-vuln.html"
},
{
"name": "36923",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36923"
},
{
"name": "36922",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36922"
},
{
"name": "36927",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36927"
},
{
"name": "24573",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24573"
},
{
"name": "36929",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36929"
},
{
"name": "36926",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36926"
},
{
"name": "36928",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36928"
},
{
"name": "interact-multiple-xss(34958)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34958"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36921",
"refsource": "OSVDB",
"url": "http://osvdb.org/36921"
},
{
"name": "36924",
"refsource": "OSVDB",
"url": "http://osvdb.org/36924"
},
{
"name": "36925",
"refsource": "OSVDB",
"url": "http://osvdb.org/36925"
},
{
"name": "http://pridels-team.blogspot.com/2007/06/interact-multiple-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2007/06/interact-multiple-xss-vuln.html"
},
{
"name": "36923",
"refsource": "OSVDB",
"url": "http://osvdb.org/36923"
},
{
"name": "36922",
"refsource": "OSVDB",
"url": "http://osvdb.org/36922"
},
{
"name": "36927",
"refsource": "OSVDB",
"url": "http://osvdb.org/36927"
},
{
"name": "24573",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24573"
},
{
"name": "36929",
"refsource": "OSVDB",
"url": "http://osvdb.org/36929"
},
{
"name": "36926",
"refsource": "OSVDB",
"url": "http://osvdb.org/36926"
},
{
"name": "36928",
"refsource": "OSVDB",
"url": "http://osvdb.org/36928"
},
{
"name": "interact-multiple-xss(34958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34958"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3328",
"datePublished": "2007-06-21T18:00:00.000Z",
"dateReserved": "2007-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:14:12.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1644 (GCVE-0-2006-1644)
Vulnerability from cvelistv5 – Published: 2006-04-06 10:00 – Updated: 2024-08-07 17:19
VLAI
Summary
login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/19488 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/1244 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/24388 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-04-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:49.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19488"
},
{
"name": "ADV-2006-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1244"
},
{
"name": "24388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24388"
},
{
"name": "interact-login-error-info-disclosure(25651)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25651"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19488"
},
{
"name": "ADV-2006-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1244"
},
{
"name": "24388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24388"
},
{
"name": "interact-login-error-info-disclosure(25651)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25651"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19488"
},
{
"name": "ADV-2006-1244",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1244"
},
{
"name": "24388",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24388"
},
{
"name": "interact-login-error-info-disclosure(25651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25651"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1644",
"datePublished": "2006-04-06T10:00:00.000Z",
"dateReserved": "2006-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:19:49.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1642 (GCVE-0-2006-1642)
Vulnerability from cvelistv5 – Published: 2006-04-06 10:00 – Updated: 2024-08-07 17:19
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition, the lack of precision in the third party descriptions makes it unclear whether the named vectors are correct.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/19488 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/24461 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/24389 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2006/1244 | vdb-entryx_refsource_VUPEN |
Date Public
2006-04-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:48.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19488"
},
{
"name": "24461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24461"
},
{
"name": "interact-search-xss(25652)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25652"
},
{
"name": "24389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24389"
},
{
"name": "ADV-2006-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1244"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition, the lack of precision in the third party descriptions makes it unclear whether the named vectors are correct."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19488"
},
{
"name": "24461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24461"
},
{
"name": "interact-search-xss(25652)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25652"
},
{
"name": "24389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24389"
},
{
"name": "ADV-2006-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1244"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition, the lack of precision in the third party descriptions makes it unclear whether the named vectors are correct."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19488"
},
{
"name": "24461",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24461"
},
{
"name": "interact-search-xss(25652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25652"
},
{
"name": "24389",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24389"
},
{
"name": "ADV-2006-1244",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1244"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1642",
"datePublished": "2006-04-06T10:00:00.000Z",
"dateReserved": "2006-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:19:48.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1643 (GCVE-0-2006-1643)
Vulnerability from cvelistv5 – Published: 2006-04-06 10:00 – Updated: 2024-08-07 17:19
VLAI
Summary
SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/19488 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/17385 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/1244 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/24390 | vdb-entryx_refsource_OSVDB |
Date Public
2006-04-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:48.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19488"
},
{
"name": "17385",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17385"
},
{
"name": "interact-login-sql-injection(25653)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25653"
},
{
"name": "ADV-2006-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1244"
},
{
"name": "24390",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24390"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19488"
},
{
"name": "17385",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17385"
},
{
"name": "interact-login-sql-injection(25653)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25653"
},
{
"name": "ADV-2006-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1244"
},
{
"name": "24390",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24390"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19488"
},
{
"name": "17385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17385"
},
{
"name": "interact-login-sql-injection(25653)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25653"
},
{
"name": "ADV-2006-1244",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1244"
},
{
"name": "24390",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24390"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1643",
"datePublished": "2006-04-06T10:00:00.000Z",
"dateReserved": "2006-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:19:48.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}