Lucene search
K
NetcatNetcat

7 matches found

CVE
CVE
added 2008/12/26 5:8 p.m.61 views

CVE-2008-5730

CVE-2008-5730 describes multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier, enabling remote attackers to impact via vectors including a %0a cookie sequence and the add.php file. IBM X-Force bulletin ties this CVE to Astronomer with IBM 1.0.0 and documents a remediation path: ...

7.5CVSS7.2AI score0.02234EPSS
CVE
CVE
added 2008/12/26 5:8 p.m.59 views

CVE-2008-5728

CVE-2008-5728 affects AIST NetCat 3.12 and earlier. Multiple directory traversal vulnerabilities allow remote attackers to include and execute arbitrary local files via a .. in the system parameter of modules/netshop/post.php and the INCLUDE_FOLDER parameter in modules/auth.inc.php, modules/banne...

5.1CVSS7.3AI score0.01996EPSS
Web
CVE
CVE
added 2015/03/05 3:0 p.m.54 views

CVE-2015-2214

NetCat CMS (NetCat.ru) 5.01 and earlier is affected by an information disclosure vulnerability. The issue stems from the netshop/post.php script not adequately filtering the redirect_url parameter, allowing remote attackers to obtain the installation path. This root cause is described across conn...

5CVSS6.8AI score0.0236EPSS
Web
CVE
CVE
added 2008/12/26 8:0 p.m.53 views

CVE-2008-5742

CVE-2008-5742 describes multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier. The issues allow remote attackers to redirect users to arbitrary sites and conduct phishing via (1) the redirect parameter in a logoff action to modules/auth/index.php and (2) the url parameter to modu...

4CVSS6.8AI score0.02031EPSS
Web
CVE
CVE
added 2008/12/26 5:8 p.m.49 views

CVE-2008-5729

CVE-2008-5729 describes multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier. The issues allow remote attackers to inject arbitrary web script or HTML via three vectors: (1) the form and (2) the control parameters to FCKeditor/neditor.php, and (3) the path parameter...

4.3CVSS5.8AI score0.01445EPSS
Web
CVE
CVE
added 2008/12/26 5:8 p.m.46 views

CVE-2008-5727

The CVE describes an SQL injection in AIST NetCat 3.12 and earlier, specifically in modules/auth/password_recovery.php when magic_quotes_gpc is disabled. The underlying issue allows remote attackers to inject arbitrary SQL via the query string, enabling potential data disclosure or modification. ...

6.8CVSS8.4AI score0.01894EPSS
CVE
CVE
added 2009/07/07 6:35 p.m.43 views

CVE-2008-6853

The CVE describes an SQL injection in AIST NetCat 3.0 and 3.12, exploitable via the PollID parameter in modules/poll/index.php. The underlying issue allows remote attackers to execute arbitrary SQL commands, potentially impacting confidentiality, integrity, and availability (per CVSS base metrics...

7.5CVSS8.7AI score0.00967EPSS
Web