5 matches found
CVE-2007-3191
The vulnerability CVE-2007-3191 affects Just For Fun Network Management System (JFFNMS) version 0.8.3, where a direct request to admin/adm/test.php triggers phpinfo and exposes configuration information. Public sources among connected documents cite Debian’s DSA-1374-1 and the related Nessus/Open...
CVE-2007-3189
The CVE-2007-3189 entry relates to a Cross-site scripting (XSS) vulnerability in JFFNMS 0.8.3, where an attacker can inject script via the user parameter in auth.php. Affected product: Just For Fun Network Management System (JFFNMS) 0.8.3. Impact: remote script/HTML injection as described. Remedi...
CVE-2007-3190
CVE-2007-3190 involves multiple SQL injection flaws in Just For Fun Network Management System (JFFNMS) 0.8.3, specifically in auth.php. The vulnerabilities allow remote attackers to execute arbitrary SQL commands via the user and pass parameters when magic_quotes_gpc is disabled. Public advisorie...
CVE-2007-3192
CVE-2007-3192 affects Just For Fun Network Management System (JFFNMS) 0.8.3. The issue allows remote attackers to read and modify configuration settings via direct requests to admin/setup.php, bypassing login restrictions. Debian advisories (DSA-1374-1) note fixes in jffnms 0.8.3dfsg.1-2.1etch1 (...
CVE-2007-3204
CVE-2007-3204 describes an SQL injection in auth.php of JFFNMS 0.8.4-pre2 , allowing remote attackers to execute arbitrary SQL commands via the pass parameter. This vulnerability is noted to stem from an incomplete fix for CVE-2007-3190. The connected sources confirm the flaw and its relation to ...