Search criteria
11 vulnerabilities by advanced_poll
CVE-2007-0845 (GCVE-0-2007-0845)
Vulnerability from cvelistv5 – Published: 2007-02-08 18:00 – Updated: 2024-08-07 12:34
VLAI?
Summary
admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "advancedpoll-uid-authentication-bypass(32337)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32337"
},
{
"name": "22451",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22451"
},
{
"name": "3282",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3282"
},
{
"name": "35847",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35847"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "advancedpoll-uid-authentication-bypass(32337)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32337"
},
{
"name": "22451",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22451"
},
{
"name": "3282",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3282"
},
{
"name": "35847",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35847"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "advancedpoll-uid-authentication-bypass(32337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32337"
},
{
"name": "22451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22451"
},
{
"name": "3282",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3282"
},
{
"name": "35847",
"refsource": "OSVDB",
"url": "http://osvdb.org/35847"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0845",
"datePublished": "2007-02-08T18:00:00",
"dateReserved": "2007-02-08T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2130 (GCVE-0-2006-2130)
Vulnerability from cvelistv5 – Published: 2006-05-01 23:00 – Updated: 2024-08-07 17:35
VLAI?
Summary
SQL injection vulnerability in include/class_poll.php in Advanced Poll 2.0.4 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "advancedpoll-classpoll-sql-injection(26152)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26152"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://evuln.com/vulns/131/summary.html"
},
{
"name": "19899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19899"
},
{
"name": "ADV-2006-1603",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1603"
},
{
"name": "25167",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25167"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in include/class_poll.php in Advanced Poll 2.0.4 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "advancedpoll-classpoll-sql-injection(26152)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26152"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://evuln.com/vulns/131/summary.html"
},
{
"name": "19899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19899"
},
{
"name": "ADV-2006-1603",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1603"
},
{
"name": "25167",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25167"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in include/class_poll.php in Advanced Poll 2.0.4 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "advancedpoll-classpoll-sql-injection(26152)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26152"
},
{
"name": "http://evuln.com/vulns/131/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/131/summary.html"
},
{
"name": "19899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19899"
},
{
"name": "ADV-2006-1603",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1603"
},
{
"name": "25167",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25167"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2130",
"datePublished": "2006-05-01T23:00:00",
"dateReserved": "2006-05-01T00:00:00",
"dateUpdated": "2024-08-07T17:35:31.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2131 (GCVE-0-2006-2131)
Vulnerability from cvelistv5 – Published: 2006-05-01 23:00 – Updated: 2024-08-07 17:35
VLAI?
Summary
include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://evuln.com/vulns/131/summary.html"
},
{
"name": "19899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19899"
},
{
"name": "advancedpoll-header-spoofing(26154)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26154"
},
{
"name": "ADV-2006-1603",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1603"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://evuln.com/vulns/131/summary.html"
},
{
"name": "19899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19899"
},
{
"name": "advancedpoll-header-spoofing(26154)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26154"
},
{
"name": "ADV-2006-1603",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1603"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://evuln.com/vulns/131/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/131/summary.html"
},
{
"name": "19899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19899"
},
{
"name": "advancedpoll-header-spoofing(26154)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26154"
},
{
"name": "ADV-2006-1603",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1603"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2131",
"datePublished": "2006-05-01T23:00:00",
"dateReserved": "2006-05-01T00:00:00",
"dateUpdated": "2024-08-07T17:35:31.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1616 (GCVE-0-2006-1616)
Vulnerability from cvelistv5 – Published: 2006-04-05 10:00 – Updated: 2024-08-07 17:19
VLAI?
Summary
Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:49.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ns79.hosteur.com/~secuti/advancedpoll.txt"
},
{
"name": "advancedpoll-comments-page-sql-injection(25676)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25676"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ns79.hosteur.com/~secuti/advancedpoll.txt"
},
{
"name": "advancedpoll-comments-page-sql-injection(25676)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25676"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ns79.hosteur.com/~secuti/advancedpoll.txt",
"refsource": "MISC",
"url": "http://ns79.hosteur.com/~secuti/advancedpoll.txt"
},
{
"name": "advancedpoll-comments-page-sql-injection(25676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25676"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1616",
"datePublished": "2006-04-05T10:00:00",
"dateReserved": "2006-04-05T00:00:00",
"dateUpdated": "2024-08-07T17:19:49.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1617 (GCVE-0-2006-1617)
Vulnerability from cvelistv5 – Published: 2006-04-05 10:00 – Updated: 2024-08-07 17:19
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:48.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ns79.hosteur.com/~secuti/advancedpoll.txt"
},
{
"name": "advancedpoll-comments-page-xss(25677)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25677"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ns79.hosteur.com/~secuti/advancedpoll.txt"
},
{
"name": "advancedpoll-comments-page-xss(25677)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25677"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ns79.hosteur.com/~secuti/advancedpoll.txt",
"refsource": "MISC",
"url": "http://ns79.hosteur.com/~secuti/advancedpoll.txt"
},
{
"name": "advancedpoll-comments-page-xss(25677)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25677"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1617",
"datePublished": "2006-04-05T10:00:00",
"dateReserved": "2006-04-05T00:00:00",
"dateUpdated": "2024-08-07T17:19:48.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3742 (GCVE-0-2005-3742)
Vulnerability from cvelistv5 – Published: 2005-11-22 11:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:35.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17669",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17669"
},
{
"name": "1015245",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015245"
},
{
"name": "15506",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15506"
},
{
"name": "21006",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21006"
},
{
"name": "ADV-2005-2524",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-30T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17669",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17669"
},
{
"name": "1015245",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015245"
},
{
"name": "15506",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15506"
},
{
"name": "21006",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21006"
},
{
"name": "ADV-2005-2524",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17669",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17669"
},
{
"name": "1015245",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015245"
},
{
"name": "15506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15506"
},
{
"name": "21006",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21006"
},
{
"name": "ADV-2005-2524",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3742",
"datePublished": "2005-11-22T11:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:35.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1180 (GCVE-0-2003-1180)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 02:19
VLAI?
Summary
Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:45.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/342493"
},
{
"name": "8890",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8890"
},
{
"name": "advancedpoll-php-file-include(13514)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13514"
},
{
"name": "10068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10068"
},
{
"name": "3291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/342493"
},
{
"name": "8890",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8890"
},
{
"name": "advancedpoll-php-file-include(13514)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13514"
},
{
"name": "10068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10068"
},
{
"name": "3291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/342493"
},
{
"name": "8890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8890"
},
{
"name": "advancedpoll-php-file-include(13514)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13514"
},
{
"name": "10068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10068"
},
{
"name": "3291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1180",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T02:19:45.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1178 (GCVE-0-2003-1178)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 02:19
VLAI?
Summary
Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:45.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2743",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2743"
},
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/342493"
},
{
"name": "advanced-poll-comments-file-include(29396)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29396"
},
{
"name": "8890",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8890"
},
{
"name": "20061008 Advanced Poll v2.02 :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448007/100/0/threaded"
},
{
"name": "10068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10068"
},
{
"name": "Advanced Poll v2.02 :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2006-October/001080.html"
},
{
"name": "advancedpoll-php-injection(13513)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13513"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2743",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2743"
},
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/342493"
},
{
"name": "advanced-poll-comments-file-include(29396)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29396"
},
{
"name": "8890",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8890"
},
{
"name": "20061008 Advanced Poll v2.02 :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448007/100/0/threaded"
},
{
"name": "10068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10068"
},
{
"name": "Advanced Poll v2.02 :) \u003c= Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2006-October/001080.html"
},
{
"name": "advancedpoll-php-injection(13513)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13513"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2743",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2743"
},
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/342493"
},
{
"name": "advanced-poll-comments-file-include(29396)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29396"
},
{
"name": "8890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8890"
},
{
"name": "20061008 Advanced Poll v2.02 :) \u003c= Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448007/100/0/threaded"
},
{
"name": "10068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10068"
},
{
"name": "Advanced Poll v2.02 :) \u003c= Remote File Inclusion",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-October/001080.html"
},
{
"name": "advancedpoll-php-injection(13513)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13513"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1178",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T02:19:45.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1181 (GCVE-0-2003-1181)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 02:19
VLAI?
Summary
Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo() function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:46.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/342493"
},
{
"name": "3292",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3292"
},
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0019.html"
},
{
"name": "advancedpoll-phpinfo-obtain-information(13515)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13515"
},
{
"name": "8890",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8890"
},
{
"name": "10068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10068"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo() function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/342493"
},
{
"name": "3292",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3292"
},
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0019.html"
},
{
"name": "advancedpoll-phpinfo-obtain-information(13515)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13515"
},
{
"name": "8890",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8890"
},
{
"name": "10068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10068"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo() function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/342493"
},
{
"name": "3292",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3292"
},
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0019.html"
},
{
"name": "advancedpoll-phpinfo-obtain-information(13515)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13515"
},
{
"name": "8890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8890"
},
{
"name": "10068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10068"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1181",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T02:19:46.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1179 (GCVE-0-2003-1179)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 02:19
VLAI?
Summary
Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:45.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/342493"
},
{
"name": "20060721 SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440780/100/0/threaded"
},
{
"name": "19105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.solpotcrew.org/adv/solpot-adv-02.txt"
},
{
"name": "8890",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8890"
},
{
"name": "advancedpoll-php-file-include(13514)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13514"
},
{
"name": "10068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10068"
},
{
"name": "3291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3291"
},
{
"name": "28988",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/342493"
},
{
"name": "20060721 SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440780/100/0/threaded"
},
{
"name": "19105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.solpotcrew.org/adv/solpot-adv-02.txt"
},
{
"name": "8890",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8890"
},
{
"name": "advancedpoll-php-file-include(13514)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13514"
},
{
"name": "10068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10068"
},
{
"name": "3291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3291"
},
{
"name": "28988",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/342493"
},
{
"name": "20060721 SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440780/100/0/threaded"
},
{
"name": "19105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19105"
},
{
"name": "http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt",
"refsource": "MISC",
"url": "http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt"
},
{
"name": "http://www.solpotcrew.org/adv/solpot-adv-02.txt",
"refsource": "MISC",
"url": "http://www.solpotcrew.org/adv/solpot-adv-02.txt"
},
{
"name": "8890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8890"
},
{
"name": "advancedpoll-php-file-include(13514)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13514"
},
{
"name": "10068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10068"
},
{
"name": "3291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3291"
},
{
"name": "28988",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1179",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T02:19:45.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1423 (GCVE-0-2001-1423)
Vulnerability from cvelistv5 – Published: 2005-03-20 05:00 – Updated: 2024-08-08 04:58
VLAI?
Summary
Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#140723",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/140723"
},
{
"name": "1002516",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1002516"
},
{
"name": "advancedpoll-php-admin-access(7861)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7861"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#140723",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/140723"
},
{
"name": "1002516",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1002516"
},
{
"name": "advancedpoll-php-admin-access(7861)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7861"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#140723",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/140723"
},
{
"name": "1002516",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1002516"
},
{
"name": "advancedpoll-php-admin-access(7861)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7861"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1423",
"datePublished": "2005-03-20T05:00:00",
"dateReserved": "2005-03-20T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}