5 matches found
CVE-2007-1634
The CVE-2007-1634 entry relates to Net Portal Dynamic System (NPDS) versions up to 5.10, where grab_globals.php is vulnerable. Affected component/function: _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable via dynamic variable evaluation. Root cause: variable extracti...
CVE-2005-1804
NPDS 5.0 contains multiple SQL injection vulnerabilities. Specifically, remote attackers can craft requests to (1) glossaire.php using the terme parameter and (2) links.php using the query parameter to execute arbitrary SQL commands. This is due to improper handling of user-supplied input. The im...
CVE-2007-1635
CVE-2007-1635 describes a static code injection in Net Portal Dynamic System (NPDS)
CVE-2005-1803
CVE-2005-1803 affects Net Portal Dynamic System (NPDS) 5.0. The description lists multiple XSS vectors: via the language parameter to admin.php or powerpack_f.php; the sitename parameter to sdv_infos.php; the categories parameter to faq.php; the lettre parameter to the glossaire module; the title...
CVE-2006-2952
The CVE-2006-2952 entry describes a directory traversal vulnerability in Net Portal Dynamic System (NPDS) versions 5.10 and earlier. The flaw allows remote attackers to read arbitrary files by crafting a .. (dot dot) path and a trailing null (%00) byte in specific parameters: (1) Default_Theme in...