4 matches found
CVE-2008-0391
The CVE-2008-0391 entry concerns inc/elementz.php in aliTalk 1.9.1.1, where authentication verification is flawed, enabling remote attackers to add an arbitrary user account by tampering with the lilil parameter alongside ubild and pa. The vulnerability enables partial confidentiality, integrity,...
CVE-2008-0371
Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magicquotesgpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via 1 the mohit parameter to a inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via 2 the id parameter to...
Sql injection
Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magicquotesgpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via 1 the mohit parameter to a inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via 2 the id parameter to...
CVE-2008-0371
CVE-2008-0371 affects aliTalk 1.9.1.1. The described issue is multiple SQL injection vulnerabilities that occur when magic_quotes_gpc is disabled. Attack paths cited in the sources include remote authenticated users manipulating the mohit parameter to inc/receivertwo.php; remote attackers manipul...