5 matches found
CVE-2009-0764
The CVE-2009-0764 entry documents multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01, exploitable via the charm parameter to index.php and kipper.php. Affected component: Kipper 2.01 (web interface). Underlying issue: XSS allow remote attackers to inject arbitrary script/HTML. Imp...
CVE-2009-0765
CVE-2009-0765 affects Kipper 2.01, where index.php is vulnerable to directory traversal: remote attackers can include and execute arbitrary local files via .. in the configfile parameter. The issue enables partial confidentiality, integrity, and availability impact (CVSSv2 base score 7.5; AV:N/AC...
CVE-2009-0767
CVE-2009-0767 affects Kipper 2.01, where sensitive information is stored under the web root with insufficient access control. This allows remote attackers to download a file containing credentials via a direct request for job/config.data. Impact is exposure of credentials (partial confidentiality...
CVE-2009-0766
CVE-2009-0766 affects Kipper 2.01 where a directory-traversal flaw in default.php allows remote attackers to include and execute arbitrary local files via the configfile parameter. Root cause: improper handling of directory paths enabling local file inclusion. Impact: partial confidentiality/inte...
CVE-2009-0763
CVE-2009-0763 is an XSS vulnerability in the Kipper 2.01 release (default.php) that permits remote injection of arbitrary script/HTML via the charm parameter. Affected software: Kipper 2.01 . Root cause: unsanitized input in default.php leading to HTML/script injection. Impact: potential user bro...