3 matches found
CVE-2008-2338
Interspire ActiveKB 1.5 and earlier is affected by a privilege-escalation flaw where remote attackers can gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin. The issue is described across multiple sources (NVD/CVE-2008-2338). The available documents do...
CVE-2009-4957
CVE-2009-4957 describes a directory-traversal vulnerability in Interspire ActiveKB (affects loadpanel.php) that allows remote attackers to read arbitrary files via directory traversal in the Panel parameter. The vulnerability is referenced in multiple sources (NVD entry with a CVSSv2 base score o...
CVE-2007-5425
CVE-2007-5425 is a SQL injection vulnerability in Interspire ActiveKB 1.5, exploitable via the questId parameter in admin/index.php under a hideQuestion ToDo action. The issue affects ActiveKB 1.5 (and relates to CVE-2007-5131 for the catId vector). The provided documents do not specify a patch o...