CVE-2015-6012
Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the referrer parameter...
CVE-2015-6011
Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php...
CVE-2015-6009
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382...
CVE-2015-6008
install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381...
CVE-2015-6007
Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users...
Open redirect
Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the referrer parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to...
Sql injection
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382...
Design/Logic Flaw
Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php...
Design/Logic Flaw
install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users...
Sql injection
SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or HTML via the (1) adminUserName, (2) pathToMYSQL, (3) databaseStructureFile, or (4) pathToBibutils parameter t...
CVE-2015-6010
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to...
CVE-2015-7383
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or HTML via the (1) adminUserName, (2) pathToMYSQL, (3) databaseStructureFile, or (4) pathToBibutils parameter t...
CVE-2015-6012
CVE-2015-6012 concerns Web Reference Database (refbase) open redirect via the referrer parameter. Connected sources confirm multiple open redirect vulnerabilities affecting refbase versions 0.9.6 and earlier, with exploitation enabling phishing by redirecting users to arbitrary sites. The core de...
CVE-2015-6008
CVE-2015-6008 affects Web Reference Database (refbase) install.php up to version 0.9.6. A remote attacker can execute arbitrary PHP code by manipulating the adminPassword parameter, enabling remote code execution. This is a confirmed vulnerability entry with corroborating references indicating a ...
CVE-2015-7381
Web Reference Database (refbase)