Lucene search
K

118 matches found

Cvelist
Cvelist
added 2012/09/25 11:0 p.m.22 views

CVE-2012-0974

Multiple cross-site scripting XSS vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the 1 sCity, 2 sPattern, 3 sPriceMax, and 4 sPriceMin parameters in a search action to...

5.7AI score0.03521EPSS
Exploits1References6
CVE
CVE
added 2012/09/25 11:0 p.m.54 views

CVE-2012-0973

OSClass prior to 2.3.5 is vulnerable to SQL injection via the sCategory parameter in index.php. The root cause is improper handling in osc_search_category_id (hSearch.php) and findBySlug (Category.php), enabling remote command execution. Evidence across sources shows CVE-2012-0973 with CVSS v2 ba...

7.5CVSS8.7AI score0.02406EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2012/09/25 11:0 p.m.51 views

CVE-2012-0974

OSClass

4.3CVSS5.9AI score0.03521EPSS
Exploits1References6Affected Software1
securityvulns
securityvulns
added 2012/03/19 12:0 a.m.56 views

OSClass directory traversal (leads to arbitrary file upload)

Advisory ID: CSA-12004 Title: OSClass directory traversal vulnerability Product: OSClass Version: 2.3.5 and probably prior Vendor: osclass.org Vulnerability type: Directory traversal Risk level: 2 / 3 Credit: www.codseq.it Vendor notification: 2012-01-25 Public disclosure: 2012-03-07 Original...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2012/03/08 12:0 a.m.11 views

OSClass Directory Traversal and Arbitrary File Upload Vulnerabilities

OSClass is prone to a directory-traversal vulnerability and an arbitrary-file- upload vulnerability. An attacker can exploit these issues to obtain sensitive information and to upload arbitrary code and run it in the context of the webserver process. OSClass 2.3.5 is vulnerable; prior versions ma...

0.2AI score
Exploits0References5
Packet Storm
Packet Storm
added 2012/03/08 12:0 a.m.30 views

OSClass 2.3.5 Directory Traversal

Advisory ID: CSA-12004 Title: OSClass directory traversal vulnerability Product: OSClass Version: 2.3.5 and probably prior Vendor: osclass.org Vulnerability type: Directory traversal Risk level: 2 / 3 Credit: www.codseq.it Vendor notification: 2012-01-25 Public disclosure: 2012-03-07 Original...

0.2AI score
Exploits0
OpenVAS
OpenVAS
added 2012/03/08 12:0 a.m.14 views

OSClass Directory Traversal and Arbitrary File Upload Vulnerabilities

OSClass is prone to a directory traversal vulnerability and an arbitrary-file- upload vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.3AI score
Exploits0References4
Exploit DB
Exploit DB
added 2012/03/07 12:0 a.m.24 views

OSClass 2.3.x - Directory Traversal / Arbitrary File Upload

source: https://www.securityfocus.com/bid/52336/info OSClass is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to obtain sensitive information and to upload arbitrary code and run it in the context of the webserver...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2012/03/07 12:0 a.m.21 views

OSClass 2.3.x - Directory Traversal Arbitrary File Upload

OSClass 2.3.x - Directory Traversal Arbitrary File Upload source: https://www.securityfocus.com/bid/52336/info OSClass is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to obtain sensitive information and to upload...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2012/02/13 12:0 a.m.76 views

Multiple vulnerabilities in OSclass

Advisory ID: HTB23068 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinosclass.html Product: OSclass Vendor: osclass.org http://osclass.org/ Vulnerable Version: 2.3.3 and probably prior Tested Version: 2.3.3 Vendor Notification: 04 January 2012 Vendor Patch: 16 January 2012...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2012/02/13 12:0 a.m.59 views

Multiple vulnerabilities in OSClass

Advisory ID: CSA-12003 Title: Multiple vulnerabilities in OSClass Product: OSClass Version: 2.3.4 and probably prior Vendor: osclass.org Vulnerability type: SQL injection, XSS, Remote file inclusion Vendor notification: 2012-01-12 Public disclosure: 2012-01-27 OSClass version 2.3.4 and probably...

1AI score
Exploits0
Packet Storm
Packet Storm
added 2012/01/30 12:0 a.m.18 views

OSClass 2.3.4 XSS / RFI / SQL Injection

Advisory ID: CSA-12003 Title: Multiple vulnerabilities in OSClass Product: OSClass Version: 2.3.4 and probably prior Vendor: osclass.org Vulnerability type: SQL injection, XSS, Remote file inclusion Vendor notification: 2012-01-12 Public disclosure: 2012-01-27 OSClass version 2.3.4 and probably...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2012/01/25 12:0 a.m.22 views

OSclass 2.3.3 Cross Site Scripting / SQL Injection

Advisory ID: HTB23068 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinosclass.html Product: OSclass Vendor: osclass.org http://osclass.org/ Vulnerable Version: 2.3.3 and probably prior Tested Version: 2.3.3 Vendor Notification: 04 January 2012 Vendor Patch: 16 January 2012...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2012/01/25 12:0 a.m.11 views

OSClass 2.3.3 - index.php?getParam() Multiple Cross-Site Scripting Vulnerabilities

OSClass 2.3.3 - index.php?getParam Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/51662/info OSClass is prone to SQL-injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2012/01/25 12:0 a.m.18 views

OSClass 2.3.3 - index.php?sCategory SQL Injection

OSClass 2.3.3 - index.php?sCategory SQL Injection source: https://www.securityfocus.com/bid/51662/info OSClass is prone to SQL-injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2012/01/25 12:0 a.m.21 views

OSClass 2.3.3 - 'index.php?getParam()' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/51662/info OSClass is prone to SQL-injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2012/01/25 12:0 a.m.24 views

OSClass 2.3.3 - 'index.php?sCategory' SQL Injection

source: https://www.securityfocus.com/bid/51662/info OSClass is prone to SQL-injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit...

7.4AI score
Exploits0
htbridge
htbridge
added 2012/01/04 12:0 a.m.52 views

Multiple vulnerabilities in OSclass

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OSclass, which can be exploited to perform cross-site scripting and sql injection attacks. 1 SQL Injection in OSclass: CVE-2012-0973. Input passed via the "sCategory" GET parameter to /index.php is not properly...

7.5CVSS7.2AI score0.03521EPSS
Exploits1Affected Software1
Rows per page
Query Builder