7 matches found
CVE-2008-5730
CVE-2008-5730 describes multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier, enabling remote attackers to impact via vectors including a %0a cookie sequence and the add.php file. IBM X-Force bulletin ties this CVE to Astronomer with IBM 1.0.0 and documents a remediation path: ...
CVE-2008-5728
CVE-2008-5728 affects AIST NetCat 3.12 and earlier. Multiple directory traversal vulnerabilities allow remote attackers to include and execute arbitrary local files via a .. in the system parameter of modules/netshop/post.php and the INCLUDE_FOLDER parameter in modules/auth.inc.php, modules/banne...
CVE-2015-2214
NetCat CMS (NetCat.ru) 5.01 and earlier is affected by an information disclosure vulnerability. The issue stems from the netshop/post.php script not adequately filtering the redirect_url parameter, allowing remote attackers to obtain the installation path. This root cause is described across conn...
CVE-2008-5742
CVE-2008-5742 describes multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier. The issues allow remote attackers to redirect users to arbitrary sites and conduct phishing via (1) the redirect parameter in a logoff action to modules/auth/index.php and (2) the url parameter to modu...
CVE-2008-5729
CVE-2008-5729 describes multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier. The issues allow remote attackers to inject arbitrary web script or HTML via three vectors: (1) the form and (2) the control parameters to FCKeditor/neditor.php, and (3) the path parameter...
CVE-2008-5727
The CVE describes an SQL injection in AIST NetCat 3.12 and earlier, specifically in modules/auth/password_recovery.php when magic_quotes_gpc is disabled. The underlying issue allows remote attackers to inject arbitrary SQL via the query string, enabling potential data disclosure or modification. ...
CVE-2008-6853
The CVE describes an SQL injection in AIST NetCat 3.0 and 3.12, exploitable via the PollID parameter in modules/poll/index.php. The underlying issue allows remote attackers to execute arbitrary SQL commands, potentially impacting confidentiality, integrity, and availability (per CVSS base metrics...