3 matches found
CVE-2008-0144
NetRisk 1.9.7 and earlier is affected by CVE-2008-0144: a PHP remote file inclusion in index.php via the page parameter can lead to arbitrary PHP code execution. The vulnerability can also be leveraged for local file inclusion through directory traversal sequences. This is a remote exploit over t...
CVE-2008-7155
NetRisk 1.9.7 is reported to misrestrict access to admin/change_submit.php, enabling remote attackers to change arbitrary user passwords via a direct request. This is documented in CVE-2008-7155 with a CVSS v2 base score of 7.5 (HIGH) and network attack vector. OpenVAS entries refer to a NetRisk ...
CVE-2008-0186
CVE-2008-0186 is an XSS vulnerability in NetRisk 1.9.7 (and possibly earlier) affecting index.php. The issue allows remote attackers to inject arbitrary web script or HTML through the page parameter. The affected product is NetRisk; root cause is reflected/scriptable input via the page parameter ...