Lucene search
+L

728 matches found

CVE
CVE
added 2008/08/11 11:0 p.m.119 views

CVE-2008-3591

The CVE-2008-3591 issue affects Twentyone Degrees Symphony 1.7.01 and earlier, where the lib/class.admin.php login path processes the sym_auth cookie in a database query. The underlying flaw is a SQL injection that allows an attacker to alter queries, potentially bypass authentication and gain ad...

7.5CVSS8.3AI score0.02082EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/08/04 12:0 a.m.61 views

Symphony sym_auth Cookie SQL Injection

The version of Symphony installed on the remote host fails to sanitize user-supplied input to the 'symauth' cookie before using it in the 'login' function in 'lib/class.admin.php' in a database query. An unauthenticated attacker may be able to exploit this issue to manipulate database queries to...

7.5CVSS5.8AI score0.02082EPSS
Exploits0References1
seebug.org
seebug.org
added 2008/08/01 12:0 a.m.25 views

Symphony <= 1.7.01 (non-patched) Remote Code Execution Exploit

No description provided by source. ?php Symphony = 1.7.01 non-patched Remote Command Execution Exploit by Raz0r http://Raz0r.name Software site: http://21degrees.com.au/ works regardless magicquotesgpc echo "-----------------------------------------------------------------\n"; echo "Symphony =...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2008/07/31 12:0 a.m.57 views

Symphony 1.7.01 (non-patched) - Remote Code Execution

db-fetchRow0, $sql; ... ... ifisset$COOKIESYMCOOKIE $args = unserialize$COOKIESYMCOOKIE; $result = $this-login$args'username', $args'password', true, false; ------------------/source code--------------------- password value from cookie is not properly sanitized so the code above...

7AI score
Exploits0
Saint
Saint
added 2008/06/20 12:0 a.m.30 views

Lotus Expeditor cai URI handler command injection

Added: 06/20/2008 CVE: CVE-2008-1965 BID: 28926 OSVDB: 44868 Background Lotus Expeditor is a desktop integration framework used by Lotus products including Lotus Symphony. Problem Lotus Expeditor registers a handler for cai: URIs which passes arbitrary arguments to rcplauncher.exe. This allows...

9.3CVSS6.6AI score0.10675EPSS
Exploits5
Saint
Saint
added 2008/06/20 12:0 a.m.31 views

Lotus Expeditor cai URI handler command injection

Added: 06/20/2008 CVE: CVE-2008-1965 BID: 28926 OSVDB: 44868 Background Lotus Expeditor is a desktop integration framework used by Lotus products including Lotus Symphony. Problem Lotus Expeditor registers a handler for cai: URIs which passes arbitrary arguments to rcplauncher.exe. This allows...

9.3CVSS6.6AI score0.10675EPSS
Exploits5
Saint
Saint
added 2008/06/20 12:0 a.m.50 views

Lotus Expeditor cai URI handler command injection

Added: 06/20/2008 CVE: CVE-2008-1965 BID: 28926 OSVDB: 44868 Background Lotus Expeditor is a desktop integration framework used by Lotus products including Lotus Symphony. Problem Lotus Expeditor registers a handler for cai: URIs which passes arbitrary arguments to rcplauncher.exe. This allows...

9.3CVSS6.7AI score0.10675EPSS
Exploits5
Saint
Saint
added 2008/06/20 12:0 a.m.36 views

Lotus Expeditor cai URI handler command injection

Added: 06/20/2008 CVE: CVE-2008-1965 BID: 28926 OSVDB: 44868 Background Lotus Expeditor is a desktop integration framework used by Lotus products including Lotus Symphony. Problem Lotus Expeditor registers a handler for cai: URIs which passes arbitrary arguments to rcplauncher.exe. This allows...

9.3CVSS6.6AI score0.10675EPSS
Exploits5
Rows per page
Query Builder