Vulnerabilities > Collector
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-29 | CVE-2009-1826 | Improper Authentication vulnerability in Collector Mygesuad 0.9.14 modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. | 6.5 |
2009-05-29 | CVE-2009-1825 | Improper Authentication vulnerability in Collector Mycolex 1.4.2 modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. | 4.0 |
2009-05-29 | CVE-2009-1812 | SQL Injection vulnerability in Collector Mygesuad 0.9.14 Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php. | 6.0 |
2009-05-29 | CVE-2009-1811 | Cross-Site Scripting vulnerability in Collector Mygesuad 0.9.14 Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to inject arbitrary web script or HTML via (1) the Page parameter in a List action to modules/ereignis.php, (2) the Kontext parameter in a Search action to modules/kategorie.php, (3) the image parameter to modules/image.php, or (4) the ID parameter in a Detail action to modules/sitzung.php. | 4.3 |
2009-05-29 | CVE-2009-1810 | SQL Injection vulnerability in Collector Mycolex 1.4.2 Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php. | 6.0 |
2009-05-29 | CVE-2009-1809 | Cross-Site Scripting vulnerability in Collector Mycolex 1.4.2 Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page parameter in a List action to modules/ereignis.php, (3) the Kontext parameter in a Search action to modules/kategorie.php, or (4) the image parameter to modules/image.php. | 4.3 |