Search
Find a vulnerability
Search criteria
6 vulnerabilities by nabocorp
CVE-2007-1166 (GCVE-0-2007-1166)
Vulnerability from nvd – Published: 2007-02-28 15:00 – Updated: 2024-08-07 12:43
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://osvdb.org/33753 | vdb-entryx_refsource_OSVDB |
| http://attrition.org/pipermail/vim/2007-February/… | mailing-listx_refsource_VIM |
| http://www.securityfocus.com/archive/1/460765/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/3355 | exploitx_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/2372 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/22649 | vdb-entryx_refsource_BID |
Date Public
2007-02-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33753",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33753"
},
{
"name": "20070222 [TRUE] Nabopoll Blind SQL Injection vulnerabilies",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2007-February/001379.html"
},
{
"name": "20070221 Nabopoll Blind SQL Injection vulnerabilies",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/460765/100/0/threaded"
},
{
"name": "3355",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3355"
},
{
"name": "2372",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2372"
},
{
"name": "22649",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22649"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33753",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33753"
},
{
"name": "20070222 [TRUE] Nabopoll Blind SQL Injection vulnerabilies",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2007-February/001379.html"
},
{
"name": "20070221 Nabopoll Blind SQL Injection vulnerabilies",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/460765/100/0/threaded"
},
{
"name": "3355",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3355"
},
{
"name": "2372",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2372"
},
{
"name": "22649",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22649"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33753",
"refsource": "OSVDB",
"url": "http://osvdb.org/33753"
},
{
"name": "20070222 [TRUE] Nabopoll Blind SQL Injection vulnerabilies",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-February/001379.html"
},
{
"name": "20070221 Nabopoll Blind SQL Injection vulnerabilies",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460765/100/0/threaded"
},
{
"name": "3355",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3355"
},
{
"name": "2372",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2372"
},
{
"name": "22649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22649"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1166",
"datePublished": "2007-02-28T15:00:00.000Z",
"dateReserved": "2007-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:43:22.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0873 (GCVE-0-2007-0873)
Vulnerability from nvd – Published: 2007-02-12 19:00 – Updated: 2024-08-07 12:34
VLAI
EPSS
VEX
Summary
nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://forums.avenir-geopolitique.net/viewtopic.p… | x_refsource_MISC |
| http://securityreason.com/securityalert/2232 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/33692 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/22509 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/459655/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/3305 | exploitx_refsource_EXPLOIT-DB |
| http://attrition.org/pipermail/vim/2007-February/… | mailing-listx_refsource_VIM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-02-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2643"
},
{
"name": "2232",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2232"
},
{
"name": "33692",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33692"
},
{
"name": "22509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22509"
},
{
"name": "20070210 nabopoll 1.1.2 sensitive file (admin without password)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/459655/100/0/threaded"
},
{
"name": "3305",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3305"
},
{
"name": "20070215 [milw0rm] exploit 3305",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2007-February/001341.html"
},
{
"name": "nabopoll-adminscripts-unauthorized-access(32472)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2643"
},
{
"name": "2232",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2232"
},
{
"name": "33692",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33692"
},
{
"name": "22509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22509"
},
{
"name": "20070210 nabopoll 1.1.2 sensitive file (admin without password)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/459655/100/0/threaded"
},
{
"name": "3305",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3305"
},
{
"name": "20070215 [milw0rm] exploit 3305",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2007-February/001341.html"
},
{
"name": "nabopoll-adminscripts-unauthorized-access(32472)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32472"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2643",
"refsource": "MISC",
"url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2643"
},
{
"name": "2232",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2232"
},
{
"name": "33692",
"refsource": "OSVDB",
"url": "http://osvdb.org/33692"
},
{
"name": "22509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22509"
},
{
"name": "20070210 nabopoll 1.1.2 sensitive file (admin without password)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459655/100/0/threaded"
},
{
"name": "3305",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3305"
},
{
"name": "20070215 [milw0rm] exploit 3305",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-February/001341.html"
},
{
"name": "nabopoll-adminscripts-unauthorized-access(32472)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32472"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0873",
"datePublished": "2007-02-12T19:00:00.000Z",
"dateReserved": "2007-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:34:21.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2157 (GCVE-0-2005-2157)
Vulnerability from nvd – Published: 2005-07-06 04:00 – Updated: 2024-08-07 22:15
VLAI
EPSS
VEX
Summary
PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/15910 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2005/0954 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1014355 | vdb-entryx_refsource_SECTRACK |
Date Public
2005-07-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15910",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15910"
},
{
"name": "ADV-2005-0954",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0954"
},
{
"name": "1014355",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15910",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15910"
},
{
"name": "ADV-2005-0954",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0954"
},
{
"name": "1014355",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014355"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15910",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15910"
},
{
"name": "ADV-2005-0954",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0954"
},
{
"name": "1014355",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014355"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2157",
"datePublished": "2005-07-06T04:00:00.000Z",
"dateReserved": "2005-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:15:37.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1166 (GCVE-0-2007-1166)
Vulnerability from cvelistv5 – Published: 2007-02-28 15:00 – Updated: 2024-08-07 12:43
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://osvdb.org/33753 | vdb-entryx_refsource_OSVDB |
| http://attrition.org/pipermail/vim/2007-February/… | mailing-listx_refsource_VIM |
| http://www.securityfocus.com/archive/1/460765/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/3355 | exploitx_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/2372 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/22649 | vdb-entryx_refsource_BID |
Date Public
2007-02-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33753",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33753"
},
{
"name": "20070222 [TRUE] Nabopoll Blind SQL Injection vulnerabilies",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2007-February/001379.html"
},
{
"name": "20070221 Nabopoll Blind SQL Injection vulnerabilies",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/460765/100/0/threaded"
},
{
"name": "3355",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3355"
},
{
"name": "2372",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2372"
},
{
"name": "22649",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22649"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33753",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33753"
},
{
"name": "20070222 [TRUE] Nabopoll Blind SQL Injection vulnerabilies",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2007-February/001379.html"
},
{
"name": "20070221 Nabopoll Blind SQL Injection vulnerabilies",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/460765/100/0/threaded"
},
{
"name": "3355",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3355"
},
{
"name": "2372",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2372"
},
{
"name": "22649",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22649"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33753",
"refsource": "OSVDB",
"url": "http://osvdb.org/33753"
},
{
"name": "20070222 [TRUE] Nabopoll Blind SQL Injection vulnerabilies",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-February/001379.html"
},
{
"name": "20070221 Nabopoll Blind SQL Injection vulnerabilies",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460765/100/0/threaded"
},
{
"name": "3355",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3355"
},
{
"name": "2372",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2372"
},
{
"name": "22649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22649"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1166",
"datePublished": "2007-02-28T15:00:00.000Z",
"dateReserved": "2007-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:43:22.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0873 (GCVE-0-2007-0873)
Vulnerability from cvelistv5 – Published: 2007-02-12 19:00 – Updated: 2024-08-07 12:34
VLAI
EPSS
VEX
Summary
nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://forums.avenir-geopolitique.net/viewtopic.p… | x_refsource_MISC |
| http://securityreason.com/securityalert/2232 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/33692 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/22509 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/459655/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/3305 | exploitx_refsource_EXPLOIT-DB |
| http://attrition.org/pipermail/vim/2007-February/… | mailing-listx_refsource_VIM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-02-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2643"
},
{
"name": "2232",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2232"
},
{
"name": "33692",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33692"
},
{
"name": "22509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22509"
},
{
"name": "20070210 nabopoll 1.1.2 sensitive file (admin without password)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/459655/100/0/threaded"
},
{
"name": "3305",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3305"
},
{
"name": "20070215 [milw0rm] exploit 3305",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2007-February/001341.html"
},
{
"name": "nabopoll-adminscripts-unauthorized-access(32472)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2643"
},
{
"name": "2232",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2232"
},
{
"name": "33692",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33692"
},
{
"name": "22509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22509"
},
{
"name": "20070210 nabopoll 1.1.2 sensitive file (admin without password)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/459655/100/0/threaded"
},
{
"name": "3305",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3305"
},
{
"name": "20070215 [milw0rm] exploit 3305",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2007-February/001341.html"
},
{
"name": "nabopoll-adminscripts-unauthorized-access(32472)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32472"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2643",
"refsource": "MISC",
"url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2643"
},
{
"name": "2232",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2232"
},
{
"name": "33692",
"refsource": "OSVDB",
"url": "http://osvdb.org/33692"
},
{
"name": "22509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22509"
},
{
"name": "20070210 nabopoll 1.1.2 sensitive file (admin without password)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459655/100/0/threaded"
},
{
"name": "3305",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3305"
},
{
"name": "20070215 [milw0rm] exploit 3305",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-February/001341.html"
},
{
"name": "nabopoll-adminscripts-unauthorized-access(32472)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32472"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0873",
"datePublished": "2007-02-12T19:00:00.000Z",
"dateReserved": "2007-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:34:21.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2157 (GCVE-0-2005-2157)
Vulnerability from cvelistv5 – Published: 2005-07-06 04:00 – Updated: 2024-08-07 22:15
VLAI
EPSS
VEX
Summary
PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/15910 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2005/0954 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1014355 | vdb-entryx_refsource_SECTRACK |
Date Public
2005-07-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15910",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15910"
},
{
"name": "ADV-2005-0954",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0954"
},
{
"name": "1014355",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15910",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15910"
},
{
"name": "ADV-2005-0954",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0954"
},
{
"name": "1014355",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014355"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15910",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15910"
},
{
"name": "ADV-2005-0954",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0954"
},
{
"name": "1014355",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014355"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2157",
"datePublished": "2005-07-06T04:00:00.000Z",
"dateReserved": "2005-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:15:37.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}