31 matches found

seebug.org
added 2014/07/01 12:0 a.m. · 15 views

BibORB 1.3.2 bibindex.php search Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/12583/info BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. · 16 views

BibORB 1.3.2 Login Module Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/12583/info BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. · 10 views

BibORB 1.3.2 index.php Traversal Arbitrary File Manipulation

No description provided by source. source: http://www.securityfocus.com/bid/12583/info BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. · 8 views

BibORB 1.3.2 Add Database Description Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/12583/info BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML...

7.1 AI score
Exploits: 0

NVD
added 2005/05/02 4:0 a.m. · 15 views

CVE-2005-0252

SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password...

7.5 CVSS · 8.5 AI score · 0.01248 EPSS
Exploits: 2 · References: 3

NVD
added 2005/05/02 4:0 a.m. · 10 views

CVE-2005-0251

Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter...

4.3 CVSS · 6 AI score · 0.02936 EPSS
Exploits: 2 · References: 3

NVD
added 2005/05/02 4:0 a.m. · 11 views

CVE-2005-0254

BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those...

4.3 CVSS · 7 AI score · 0.00857 EPSS
Exploits: 2 · References: 3

NVD
added 2005/05/02 4:0 a.m. · 12 views

CVE-2005-0253

Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter...

4 CVSS · 6.9 AI score · 0.06609 EPSS
Exploits: 2 · References: 3

Packet Storm
added 2005/02/25 12:0 a.m. · 45 views

BibORB.txt

Advisory: Multiple Vulnerabilities in BibORB. Multiple vulnerabilities were found in BibORB which result in SQL injection, XSS, directory traversal and arbitrary file upload. Details: Product: BibORB Affected Version: 1.3.2,...

7.5 CVSS · 6.6 AI score · 0.06609 EPSS
Exploits: 5

Vulnrichment
added 2005/02/17 10:0 a.m. · 10 views

CVE-2005-0254

BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those...

5 AI score · 0.00857 EPSS
Exploits: 2 · References: 3

CVE
added 2005/02/17 5:0 a.m. · 56 views

CVE-2005-0254

BibORB 1.3.2 and earlier versions are affected by an arbitrary file upload vulnerability due to improper enforcement of restrictions on uploaded files. Specifically, the upload mask allows non-PDF/PS data to be uploaded and then displayed with PDF/PS icons, potentially tricking users into downloa...

4.3 CVSS · 7 AI score · 0.00857 EPSS
Exploits: 2 · References: 3 · Affected Software: 1

CVE
added 2005/02/17 5:0 a.m. · 51 views

CVE-2005-0251

BibORB is affected by a cross-site scripting (XSS) vulnerability in bibindex.php, affecting BibORB 1.3.2 and possibly earlier versions. The issue allows remote attackers to inject arbitrary HTML/script via the search parameter, enabling client-side execution when viewing data. Public reports (e.g...

4.3 CVSS · 6 AI score · 0.02936 EPSS
Exploits: 2 · References: 3 · Affected Software: 1

CVE
added 2005/02/17 5:0 a.m. · 46 views

CVE-2005-0253

CVE-2005-0253 affects BibORB, specifically 1.3.2 and earlier. A directory traversal flaw in index.php (database_name parameter) allows remote attackers with Delete action rights to delete arbitrary files on the host where BibORB runs. Related disclosures (Full-Disclosure advisory, PacketStorm not...

4 CVSS · 6.9 AI score · 0.06609 EPSS
Exploits: 2 · References: 3 · Affected Software: 1

Cvelist
added 2005/02/17 5:0 a.m. · 20 views

CVE-2005-0253

Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter...

6.9 AI score · 0.06609 EPSS
Exploits: 2 · References: 3

CVE
added 2005/02/17 5:0 a.m. · 45 views

CVE-2005-0252

CVE-2005-0252 concerns BibORB, a web interface for BibTeX. A SQL injection vulnerability affects BibORB 1.3.2 and earlier, where the login procedure allows remote attackers to execute arbitrary SQL commands via the Username or Password fields. The impact is remote compromise of the application, w...

7.5 CVSS · 8.5 AI score · 0.01248 EPSS
Exploits: 2 · References: 3 · Affected Software: 1

Cvelist
added 2005/02/17 5:0 a.m. · 13 views

CVE-2005-0254

BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those...

7 AI score · 0.00857 EPSS
Exploits: 2 · References: 3

Cvelist
added 2005/02/17 5:0 a.m. · 13 views

CVE-2005-0252

SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password...

8.5 AI score · 0.01248 EPSS
Exploits: 2 · References: 3

Cvelist
added 2005/02/17 5:0 a.m. · 17 views

CVE-2005-0251

Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter...

6 AI score · 0.02936 EPSS
Exploits: 2 · References: 3

exploitpack
added 2005/02/17 12:0 a.m. · 12 views

BibORB 1.3.2 - bibindex.php?search Cross-Site Scripting

source: https://www.securityfocus.com/bid/12583/info BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-si...

6.8 AI score
Exploits: 0

Positive Technologies
added 2005/02/17 12:0 a.m. · 1 views

PT-2005-1333 · Biborb · Biborb

Name of the Vulnerable Software and Affected Versions: BibORB versions 1.3.2 and earlier Description: The issue allows remote attackers to delete arbitrary files via a Delete action and .. dot dot sequences in the database name parameter in index.php. Recommendations: For BibORB versions 1.3.2 an...

4 CVSS · 6.4 AI score · 0.06609 EPSS
Exploits: 2 · References: 7