5 matches found
Debian Security Advisory DSA 1374-1 (jffnms)
The remote host is missing an update to jffnms announced via advisory DSA 1374-1. OpenVAS Vulnerability Test $Id: deb13741.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1374-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
DSA-1374-1 jffnms - several vulnerabilities
Bulletin has no description...
CVE-2007-3190
Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System JFFNMS 0.8.3, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 user and 2 pass parameters...
Sql injection
SQL injection vulnerability in auth.php in Just For Fun Network Management System JFFNMS 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly exists because of an initial incomplete fix for CVE-2007-3190. The provenance of this...
CVE-2007-3190
CVE-2007-3190 involves multiple SQL injection flaws in Just For Fun Network Management System (JFFNMS) 0.8.3, specifically in auth.php. The vulnerabilities allow remote attackers to execute arbitrary SQL commands via the user and pass parameters when magic_quotes_gpc is disabled. Public advisorie...