118 matches found
CVE-2012-0974
Multiple cross-site scripting XSS vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the 1 sCity, 2 sPattern, 3 sPriceMax, and 4 sPriceMin parameters in a search action to...
CVE-2012-0973
OSClass prior to 2.3.5 is vulnerable to SQL injection via the sCategory parameter in index.php. The root cause is improper handling in osc_search_category_id (hSearch.php) and findBySlug (Category.php), enabling remote command execution. Evidence across sources shows CVE-2012-0973 with CVSS v2 ba...
CVE-2012-0974
OSClass
OSClass directory traversal (leads to arbitrary file upload)
Advisory ID: CSA-12004 Title: OSClass directory traversal vulnerability Product: OSClass Version: 2.3.5 and probably prior Vendor: osclass.org Vulnerability type: Directory traversal Risk level: 2 / 3 Credit: www.codseq.it Vendor notification: 2012-01-25 Public disclosure: 2012-03-07 Original...
OSClass Directory Traversal and Arbitrary File Upload Vulnerabilities
OSClass is prone to a directory-traversal vulnerability and an arbitrary-file- upload vulnerability. An attacker can exploit these issues to obtain sensitive information and to upload arbitrary code and run it in the context of the webserver process. OSClass 2.3.5 is vulnerable; prior versions ma...
OSClass 2.3.5 Directory Traversal
Advisory ID: CSA-12004 Title: OSClass directory traversal vulnerability Product: OSClass Version: 2.3.5 and probably prior Vendor: osclass.org Vulnerability type: Directory traversal Risk level: 2 / 3 Credit: www.codseq.it Vendor notification: 2012-01-25 Public disclosure: 2012-03-07 Original...
OSClass Directory Traversal and Arbitrary File Upload Vulnerabilities
OSClass is prone to a directory traversal vulnerability and an arbitrary-file- upload vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
OSClass 2.3.x - Directory Traversal / Arbitrary File Upload
source: https://www.securityfocus.com/bid/52336/info OSClass is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to obtain sensitive information and to upload arbitrary code and run it in the context of the webserver...
OSClass 2.3.x - Directory Traversal Arbitrary File Upload
OSClass 2.3.x - Directory Traversal Arbitrary File Upload source: https://www.securityfocus.com/bid/52336/info OSClass is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to obtain sensitive information and to upload...
Multiple vulnerabilities in OSclass
Advisory ID: HTB23068 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinosclass.html Product: OSclass Vendor: osclass.org http://osclass.org/ Vulnerable Version: 2.3.3 and probably prior Tested Version: 2.3.3 Vendor Notification: 04 January 2012 Vendor Patch: 16 January 2012...
Multiple vulnerabilities in OSClass
Advisory ID: CSA-12003 Title: Multiple vulnerabilities in OSClass Product: OSClass Version: 2.3.4 and probably prior Vendor: osclass.org Vulnerability type: SQL injection, XSS, Remote file inclusion Vendor notification: 2012-01-12 Public disclosure: 2012-01-27 OSClass version 2.3.4 and probably...
OSClass 2.3.4 XSS / RFI / SQL Injection
Advisory ID: CSA-12003 Title: Multiple vulnerabilities in OSClass Product: OSClass Version: 2.3.4 and probably prior Vendor: osclass.org Vulnerability type: SQL injection, XSS, Remote file inclusion Vendor notification: 2012-01-12 Public disclosure: 2012-01-27 OSClass version 2.3.4 and probably...
OSclass 2.3.3 Cross Site Scripting / SQL Injection
Advisory ID: HTB23068 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinosclass.html Product: OSclass Vendor: osclass.org http://osclass.org/ Vulnerable Version: 2.3.3 and probably prior Tested Version: 2.3.3 Vendor Notification: 04 January 2012 Vendor Patch: 16 January 2012...
OSClass 2.3.3 - index.php?getParam() Multiple Cross-Site Scripting Vulnerabilities
OSClass 2.3.3 - index.php?getParam Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/51662/info OSClass is prone to SQL-injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based...
OSClass 2.3.3 - index.php?sCategory SQL Injection
OSClass 2.3.3 - index.php?sCategory SQL Injection source: https://www.securityfocus.com/bid/51662/info OSClass is prone to SQL-injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise...
OSClass 2.3.3 - 'index.php?getParam()' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/51662/info OSClass is prone to SQL-injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit...
OSClass 2.3.3 - 'index.php?sCategory' SQL Injection
source: https://www.securityfocus.com/bid/51662/info OSClass is prone to SQL-injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit...
Multiple vulnerabilities in OSclass
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OSclass, which can be exploited to perform cross-site scripting and sql injection attacks. 1 SQL Injection in OSclass: CVE-2012-0973. Input passed via the "sCategory" GET parameter to /index.php is not properly...