152 matches found
CVE-2011-3723
Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by READMEFILES/livehelp.php and certain other files...
Information disclosure
Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by READMEFILES/livehelp.php and certain other files...
CVE-2011-3723
Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by READMEFILES/livehelp.php and certain other files...
CVE-2011-3723
Crafty Syntax 3.0.2 is affected by an information-disclosure vulnerability: remote attackers can obtain sensitive data by directly requesting a PHP file, causing an error message that reveals the installation path (demonstrated by README_FILES/livehelp.php and related files). This occurs due to t...
CVE-2010-1326
perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and...
CVE-2008-3845
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help CSLH 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to 1 isxmlhttp.php and 2 isflush.php...
Sql injection
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help CSLH 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to 1 isxmlhttp.php and 2 isflush.php...
CVE-2008-3845
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help CSLH 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to 1 isxmlhttp.php and 2 isflush.php...
CVE-2008-3845
Crafty Syntax Live Help (CSLH) prior to version 2.14.6 contains multiple SQL injection vulnerabilities in the server-side logic handling the department parameter for is_xmlhttp.php and is_flush.php. The underlying issue is unsafely constructed SQL queries that allow remote attackers to alter data...
CVE-2008-3840
Crafty Syntax Live Help CSLH 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information...
CVE-2008-3840
Crafty Syntax Live Help CSLH 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information...
CVE-2008-3840
The CVE-2008-3840 entry concerns Crafty Syntax Live Help (CSLH) 2.14.6 and earlier, where passwords are stored in cleartext in a MySQL database. The root cause is insecure password storage in plaintext, enabling an attacker with context access to obtain sensitive information from the database. Th...
Crafty Syntax Live Help <= 2.14.6 (department) SQL Injection Vuln
No description provided by source. Crafty Syntax Live Help = 2.14.6 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online...
Crafty Syntax Live Help <= 2.14.6 SQL Injection
GulfTech Security Research August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online support system written in php that allows the visitors of ...
crafty-sql.txt
GulfTech Security Research August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online support system written in php that allows the visitors of ...
Crafty Syntax Live Help 2.14.6 - department SQL Injection
Crafty Syntax Live Help 2.14.6 - department SQL Injection Crafty Syntax Live Help = 2.14.6 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured,...
Crafty Syntax Live Help <= 2.14.6 (department) SQL Injection Vuln
Exploit for unknown platform in category web applications ================================================================= Crafty Syntax Live Help = 2.14.6 department SQL Injection Vuln ================================================================= Crafty Syntax Live Help = 2.14.6 SQL Injecti...
Crafty Syntax Live Help 2.14.6 - 'department' SQL Injection
Crafty Syntax Live Help = 2.14.6 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help = 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online support system written in php that...
Cross site scripting
Cross-site scripting XSS vulnerability in livehelpjs.php in Crafty Syntax Live Help CSLH 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter...
CVE-2008-3510
Cross-site scripting XSS vulnerability in livehelpjs.php in Crafty Syntax Live Help CSLH 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter...