EUVD-2014-1710
Malware in sbrugna...
CVE-2014-1914
Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to sw/chat/message.php...
CVE-2014-1915
Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to sw/chat/message.php...
Cross site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2)...
CVE-2014-1915
CVE-2014-1915 affects Command School Student Management System 1.06.01 and involves Multiple CSRF vulnerabilities. The described flaws allow remote attackers to hijack admin authentication for password changes via sw/admin_change_password.php and to perform add_topic.php actions (adding a topic o...
CVE-2014-1636
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6)...
SQL injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6)...
Server side request forgery (SSRF)
Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request...
CVE-2014-1637
Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request...
CVE-2014-1637
CVE-2014-1637 affects Command School Student Management System 1.06.01. The issue is an improper access restriction on sw/backup/backup_ray2.php, allowing remote attackers to download a database backup via a direct request. Public exposure is indicated by referenced exploit information (Exploit-D...
CVE-2014-1636
CVE-2014-1636 describes multiple SQL injection vulnerabilities in the Command School Student Management System 1.06.01. The flaw allows remote attackers to execute arbitrary SQL commands by manipulating the id parameter in an edit action across multiple admin pages (admin_school_names.php, admin...
Command School Student Management System - '/sw/admin_generations.php?id' SQL Injection
source: https://www.securityfocus.com/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. A cross-site request forgery vulnerability 3. A cross-site scripting vulnerability 4. An HTML injection...
Command School Student Management System - '/sw/admin_terms.php?id' SQL Injection
source: https://www.securityfocus.com/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. A cross-site request forgery vulnerability 3. A cross-site scripting vulnerability 4. An HTML injection...
Command School Student Management System - '/sw/health_allergies.php?id' SQL Injection
source: https://www.securityfocus.com/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. A cross-site request forgery vulnerability 3. A cross-site scripting vulnerability 4. An HTML injection...
Command School Student Management System - '/sw/admin_titles.php?id' SQL Injection
source: https://www.securityfocus.com/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. A cross-site request forgery vulnerability 3. A cross-site scripting vulnerability 4. An HTML injection...
Command School Student Management System - '/sw/admin_school_years.php?id' SQL Injection
source: https://www.securityfocus.com/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. A cross-site request forgery vulnerability 3. A cross-site scripting vulnerability 4. An HTML injection...