Lucene search
+L

152 matches found

nvd
nvd
added 2011/09/23 11:55 p.m.21 views

CVE-2011-3723

Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by READMEFILES/livehelp.php and certain other files...

5CVSS6.1AI score0.01335EPSS
Exploits1References3
prion
prion
added 2011/09/23 11:55 p.m.17 views

Information disclosure

Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by READMEFILES/livehelp.php and certain other files...

5CVSS6.7AI score0.01335EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2011/09/23 11:0 p.m.27 views

CVE-2011-3723

Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by READMEFILES/livehelp.php and certain other files...

6.1AI score0.01335EPSS
Exploits1References3
cve
cve
added 2011/09/23 11:0 p.m.45 views

CVE-2011-3723

Crafty Syntax 3.0.2 is affected by an information-disclosure vulnerability: remote attackers can obtain sensitive data by directly requesting a PHP file, causing an error message that reveals the installation path (demonstrated by README_FILES/livehelp.php and related files). This occurs due to t...

5CVSS6.3AI score0.01335EPSS
Exploits1References3Affected Software1
ubuntucve
ubuntucve
added 2010/09/15 6:0 p.m.25 views

CVE-2010-1326

perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and...

9.3CVSS6.2AI score0.0515EPSS
Exploits0References1
nvd
nvd
added 2008/08/27 11:41 p.m.19 views

CVE-2008-3845

Multiple SQL injection vulnerabilities in Crafty Syntax Live Help CSLH 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to 1 isxmlhttp.php and 2 isflush.php...

7.5CVSS8.5AI score0.01773EPSS
Exploits1References9
prion
prion
added 2008/08/27 11:41 p.m.16 views

Sql injection

Multiple SQL injection vulnerabilities in Crafty Syntax Live Help CSLH 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to 1 isxmlhttp.php and 2 isflush.php...

7.5CVSS9.3AI score0.01773EPSS
Exploits1References9Affected Software1
cvelist
cvelist
added 2008/08/27 11:0 p.m.20 views

CVE-2008-3845

Multiple SQL injection vulnerabilities in Crafty Syntax Live Help CSLH 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to 1 isxmlhttp.php and 2 isflush.php...

8.5AI score0.01773EPSS
Exploits1References9
cve
cve
added 2008/08/27 11:0 p.m.40 views

CVE-2008-3845

Crafty Syntax Live Help (CSLH) prior to version 2.14.6 contains multiple SQL injection vulnerabilities in the server-side logic handling the department parameter for is_xmlhttp.php and is_flush.php. The underlying issue is unsafely constructed SQL queries that allow remote attackers to alter data...

7.5CVSS8.5AI score0.01773EPSS
Exploits1References9Affected Software1
nvd
nvd
added 2008/08/27 8:41 p.m.15 views

CVE-2008-3840

Crafty Syntax Live Help CSLH 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information...

5CVSS6.2AI score0.01182EPSS
Exploits1References4
cvelist
cvelist
added 2008/08/27 8:0 p.m.23 views

CVE-2008-3840

Crafty Syntax Live Help CSLH 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information...

6.2AI score0.01182EPSS
Exploits1References4
cve
cve
added 2008/08/27 8:0 p.m.49 views

CVE-2008-3840

The CVE-2008-3840 entry concerns Crafty Syntax Live Help (CSLH) 2.14.6 and earlier, where passwords are stored in cleartext in a MySQL database. The root cause is insecure password storage in plaintext, enabling an attacker with context access to obtain sensitive information from the database. Th...

5CVSS6.3AI score0.01182EPSS
Exploits1References4Affected Software1
seebug
seebug
added 2008/08/26 12:0 a.m.20 views

Crafty Syntax Live Help <= 2.14.6 (department) SQL Injection Vuln

No description provided by source. Crafty Syntax Live Help = 2.14.6 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2008/08/26 12:0 a.m.91 views

Crafty Syntax Live Help <= 2.14.6 SQL Injection

GulfTech Security Research August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online support system written in php that allows the visitors of ...

1AI score
Exploits0
packetstorm
packetstorm
added 2008/08/26 12:0 a.m.28 views

crafty-sql.txt

GulfTech Security Research August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online support system written in php that allows the visitors of ...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2008/08/25 12:0 a.m.24 views

Crafty Syntax Live Help 2.14.6 - department SQL Injection

Crafty Syntax Live Help 2.14.6 - department SQL Injection Crafty Syntax Live Help = 2.14.6 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured,...

0.5AI score
Exploits0
zdt
zdt
added 2008/08/25 12:0 a.m.13 views

Crafty Syntax Live Help <= 2.14.6 (department) SQL Injection Vuln

Exploit for unknown platform in category web applications ================================================================= Crafty Syntax Live Help = 2.14.6 department SQL Injection Vuln ================================================================= Crafty Syntax Live Help = 2.14.6 SQL Injecti...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2008/08/25 12:0 a.m.36 views

Crafty Syntax Live Help 2.14.6 - &#039;department&#039; SQL Injection

Crafty Syntax Live Help = 2.14.6 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online support system written in php that...

7.4AI score
Exploits0
prion
prion
added 2008/08/07 8:41 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in livehelpjs.php in Crafty Syntax Live Help CSLH 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter...

4.3CVSS6.1AI score0.01465EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2008/08/07 8:41 p.m.15 views

CVE-2008-3510

Cross-site scripting XSS vulnerability in livehelpjs.php in Crafty Syntax Live Help CSLH 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter...

4.3CVSS5.7AI score0.01465EPSS
Exploits1References4
Rows per page
Query Builder