60 matches found
Sql injection
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help CSLH 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to 1 isxmlhttp.php and 2 isflush.php...
CVE-2008-3845
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help CSLH 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to 1 isxmlhttp.php and 2 isflush.php...
CVE-2008-3845
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help CSLH 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to 1 isxmlhttp.php and 2 isflush.php...
CVE-2008-3845
Crafty Syntax Live Help (CSLH) prior to version 2.14.6 contains multiple SQL injection vulnerabilities in the server-side logic handling the department parameter for is_xmlhttp.php and is_flush.php. The underlying issue is unsafely constructed SQL queries that allow remote attackers to alter data...
CVE-2008-3840
Crafty Syntax Live Help CSLH 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information...
CVE-2008-3840
Crafty Syntax Live Help CSLH 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information...
CVE-2008-3840
The CVE-2008-3840 entry concerns Crafty Syntax Live Help (CSLH) 2.14.6 and earlier, where passwords are stored in cleartext in a MySQL database. The root cause is insecure password storage in plaintext, enabling an attacker with context access to obtain sensitive information from the database. Th...
Crafty Syntax Live Help <= 2.14.6 (department) SQL Injection Vuln
No description provided by source. Crafty Syntax Live Help = 2.14.6 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online...
crafty-sql.txt
GulfTech Security Research August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online support system written in php that allows the visitors of ...
Crafty Syntax Live Help <= 2.14.6 SQL Injection
GulfTech Security Research August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online support system written in php that allows the visitors of ...
Crafty Syntax Live Help 2.14.6 - department SQL Injection
Crafty Syntax Live Help 2.14.6 - department SQL Injection Crafty Syntax Live Help = 2.14.6 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured,...
Crafty Syntax Live Help <= 2.14.6 (department) SQL Injection Vuln
Exploit for unknown platform in category web applications ================================================================= Crafty Syntax Live Help = 2.14.6 department SQL Injection Vuln ================================================================= Crafty Syntax Live Help = 2.14.6 SQL Injecti...
Crafty Syntax Live Help 2.14.6 - 'department' SQL Injection
Crafty Syntax Live Help = 2.14.6 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online support system written in php that...
Cross site scripting
Cross-site scripting XSS vulnerability in livehelpjs.php in Crafty Syntax Live Help CSLH 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter...
CVE-2008-3510
Cross-site scripting XSS vulnerability in livehelpjs.php in Crafty Syntax Live Help CSLH 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter...
CVE-2008-3510
Crafty Syntax Live Help (CSLH) 2.14.6 has an XSS vulnerability in livehelp_js.php via the department parameter. The CVE-2008-3510 entry indicates remote, unauthenticated injection of script/HTML, with CVSSv2 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N). No remediation details are provided in the c...
CVE-2008-3510
Cross-site scripting XSS vulnerability in livehelpjs.php in Crafty Syntax Live Help CSLH 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter...
Crafty Syntax Live Help 2.14.6 - livehelp_js.php Cross-Site Scripting
Crafty Syntax Live Help 2.14.6 - livehelpjs.php Cross-Site Scripting source: https://www.securityfocus.com/bid/30543/info Crafty Syntax Live Help CSLH is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this...
Crafty Syntax Live Help 2.14.6 - 'livehelp_js.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/30543/info Crafty Syntax Live Help CSLH is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
CVE-2008-1183
Multiple cross-site scripting XSS vulnerabilities in Crafty Syntax Live Help CSLH before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 livehelp.php, 2 userquestions.php, and 3 leavemessage.php. NOTE: the lostsheep.php vector is covered by...