4 matches found
CVE-2011-4215
OneOrZero AIMS (OneOrZero AIMS 2.7.0) is affected by CVE-2011-4215 due to an SQL injection in lib/ooz_access.php where the cookieName parameter enables remote attackers to execute arbitrary SQL commands. This vulnerability is described across multiple sources (NVD entry and OpenVAS tests) with a ...
CVE-2010-4835
CVE-2010-4835 is a directory traversal vulnerability in OneOrZero AIMS 2.6.0 Members Edition. The flaw resides in index.php, where the controller parameter in a show_report action can be manipulated to read arbitrary files. This is a vulnerability in the web application that could allow remote au...
CVE-2011-4214
CVE-2011-4214 concerns OneOrZero Action & Information Management System (AIMS) v2.7.0. The vulnerability is an authentication bypass : a crafted oozimsrememberme cookie allows remote attackers to obtain administrator privileges . Affected software: AIMS 2.7.0. Underlying issue: bypassing authenti...
CVE-2010-4834
The CVE-2010-4834 entry describes multiple SQL injection flaws in index.php for OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition. The vulnerabilities reside in the search_management_manage subcontroller, where remote authenticated users can manipulate the (1) id parameter in a saved_s...