Lucene search
K
OneorzeroAims

4 matches found

CVE
CVE
added 2011/11/01 7:0 p.m.43 views

CVE-2011-4215

OneOrZero AIMS (OneOrZero AIMS 2.7.0) is affected by CVE-2011-4215 due to an SQL injection in lib/ooz_access.php where the cookieName parameter enables remote attackers to execute arbitrary SQL commands. This vulnerability is described across multiple sources (NVD entry and OpenVAS tests) with a ...

7.5CVSS8.6AI score0.01356EPSS
Web
CVE
CVE
added 2011/09/13 9:0 p.m.40 views

CVE-2010-4835

CVE-2010-4835 is a directory traversal vulnerability in OneOrZero AIMS 2.6.0 Members Edition. The flaw resides in index.php, where the controller parameter in a show_report action can be manipulated to read arbitrary files. This is a vulnerability in the web application that could allow remote au...

4CVSS6.4AI score0.02399EPSS
CVE
CVE
added 2011/11/01 7:0 p.m.38 views

CVE-2011-4214

CVE-2011-4214 concerns OneOrZero Action & Information Management System (AIMS) v2.7.0. The vulnerability is an authentication bypass : a crafted oozimsrememberme cookie allows remote attackers to obtain administrator privileges . Affected software: AIMS 2.7.0. Underlying issue: bypassing authenti...

10CVSS7.1AI score0.03135EPSS
CVE
CVE
added 2011/09/13 9:0 p.m.36 views

CVE-2010-4834

The CVE-2010-4834 entry describes multiple SQL injection flaws in index.php for OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition. The vulnerabilities reside in the search_management_manage subcontroller, where remote authenticated users can manipulate the (1) id parameter in a saved_s...

6.5CVSS8.3AI score0.00921EPSS