CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

seebug.org•added 2014/07/01 12:0 a.m.•11 views

project alumni <= 1.0.9 - Remote XSS / SQL Injection Vulnerability

No description provided by source. project-alumni sql injection & xss author : tomplixsee [email protected] ------------------------------------------------------------------------------------------------------------- affected software version : project alumni v1.0.9, v1.0.8, or lower??...

7.1AI score

Prion•added 2008/05/08 4:20 p.m.•12 views

Sql injection

SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5CVSS9.1AI score0.00432EPSS

Prion•added 2008/05/08 4:20 p.m.•16 views

Cross site scripting

Cross-site scripting XSS vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126...

4.3CVSS5.9AI score0.04183EPSS

NVD•added 2008/05/08 4:20 p.m.•11 views

CVE-2008-2118

SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5CVSS8.4AI score0.00432EPSS

NVD•added 2008/05/08 4:20 p.m.•12 views

CVE-2008-2117

4.3CVSS5.6AI score0.00564EPSS

CVE•added 2008/05/08 4:0 p.m.•38 views

CVE-2008-2118

SQL injection vulnerability (CVE-2008-2118) in Project Alumni 1.0.9, specifically in info.php via the id parameter. The underlying issue allows remote attackers to execute arbitrary SQL commands. This is evidenced by multiple sources (NVD entry and associated records) confirming the flaw and impa...

7.5CVSS8.4AI score0.00432EPSS

Cvelist•added 2008/05/08 4:0 p.m.•20 views

CVE-2008-2117

5.6AI score0.00564EPSS

CVE•added 2008/05/08 4:0 p.m.•45 views

CVE-2008-2117

CVE-2008-2117 is a cross-site scripting (XSS) vulnerability in Project Alumni 1.0.9. The issue affects the pages/news.page.inc component, where the year parameter in a news action to index.php can be exploited to inject arbitrary web script or HTML. This CVE is documented across multiple sources ...

4.3CVSS5.7AI score0.00564EPSS

Cvelist•added 2008/05/08 4:0 p.m.•16 views

CVE-2008-2118

SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter...

8.4AI score0.00432EPSS

exploitpack•added 2008/05/02 12:0 a.m.•14 views

Alumni 1.0.81.0.9 - info.php?id SQL Injection

Alumni 1.0.81.0.9 - info.php?id SQL Injection source: https://www.securityfocus.com/bid/29019/info Project Alumni is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues...

0.2AI score

exploitpack•added 2008/05/02 12:0 a.m.•18 views

Alumni 1.0.81.0.9 - index.php?year Cross-Site Scripting

Alumni 1.0.81.0.9 - index.php?year Cross-Site Scripting source: https://www.securityfocus.com/bid/29019/info Project Alumni is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting...

0.4AI score

seebug.org•added 2007/12/04 12:0 a.m.•13 views

Project Alumni Index.PHP Act参数本地文件包含漏洞

Project Alumni是一款基于PHP的WEB应用程序。 Project Alumni不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB权限查看系统文件内容。问题是由于'Index.PHP'脚本对用户提交的'act'参数缺少过滤，提交包含多个"../"字符作为参数数据，可绕过WEB ROOT限制，以WEB权限查看系统文件内容。 Project Alumni 1.0.9 目前没有解决方案提供： https://sourceforge.net/projects/project-alumni/...

7.1AI score