7 matches found
CVE-2012-6560
SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the 1 comment, 2 mac, 3 graphtype, 4 name, or 5 type parameter to stats.php; or 6 comment parameter to deviceadd.php...
Sql injection
SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter...
CVE-2012-6560
Summary: CVE-2012-6560 is a SQL injection in FreeNAC 3.02, specifically in deviceadd.php via the status parameter. The OpenVAS entry also notes additional vulnerabilities in FreeNAC (multiple XSS/HTML/SQL injection). The NVD/NVD-derived descriptions confirm the SQL injection flaw exists in FreeNA...
CVE-2012-6559
Multiple cross-site scripting XSS vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the 1 comment, 2 mac, 3 graphtype, 4 name, or 5 type parameter to stats.php; or 6 comment parameter to deviceadd.php...
CVE-2012-6559
CVE-2012-6559 impacts FreeNAC 3.02 with multiple cross-site scripting (XSS) vulnerabilities, enabling remote attackers to inject scripts/HTML via parameters to stats.php (comment, mac, graphtype, name, type) or deviceadd.php (comment). OpenVAS notes additional SQL injection vectors, expanding the...
CVE-2012-6560
SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter...