Nukesentinel Security Vulnerabilities and Issues — Nukesentinel CVE List

Lucene search

NukescriptsNukesentinel

6 matches found

CVE•added 2007/03/16 10:19 p.m.•48 views

CVE-2007-1493

nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.

7.5CVSS8AI score0.02924EPSS

CVE•added 2007/03/16 10:19 p.m.•43 views

CVE-2007-1494

Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://".

6.8CVSS5.7AI score0.00433EPSS

CVE•added 2007/10/01 5:17 a.m.•43 views

CVE-2007-5150

SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125.

7.5CVSS8.2AI score

CVE•added 2007/03/02 9:18 p.m.•41 views

CVE-2007-1172

SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."

6.4CVSS8.3AI score0.00358EPSS

CVE•added 2007/03/02 9:18 p.m.•38 views

CVE-2007-1171

SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.

7.5CVSS8.3AI score0.03591EPSS

CVE•added 2007/10/01 5:17 a.m.•35 views

CVE-2007-5151

SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie.

7.5CVSS8.4AI score0.00458EPSS