Vulnerabilities > Natterchat

DATE	CVE	VULNERABILITY TITLE	RISK
2009-08-24	CVE-2008-7049	SQL Injection vulnerability in Natterchat 1.1/1.12 Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. network low complexity natterchat CWE-89	7.5
2009-08-24	CVE-2008-7048	Cross-Site Scripting vulnerability in Natterchat 1.12 Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) txtUsername parameter to registerDo.asp, as invoked from register.asp, or (2) txtRoomName parameter to room_new.asp. network natterchat CWE-79	4.3
2009-08-24	CVE-2008-7047	Improper Authentication vulnerability in Natterchat 1.1 NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp. network low complexity natterchat CWE-287	7.5
2008-12-16	CVE-2008-5602	Permissions, Privileges, and Access Controls vulnerability in Natterchat 1.12 Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb. network low complexity natterchat CWE-264	5.0
2004-12-31	CVE-2004-2206	SQL Injection vulnerability in Natterchat 1.12 SQL injection vulnerability in NatterChat 1.12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. network low complexity natterchat	7.5

Vulnerabilities > Natterchat {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Natterchat"}]}

Vulnerabilities > Natterchat