Vulnerabilities > Nukedit > Nukedit
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-12-30 | CVE-2008-5773 | Permissions, Privileges, and Access Controls vulnerability in Nukedit 4.9.8 Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb. | 5.0 |
2008-12-15 | CVE-2008-5582 | SQL Injection vulnerability in Nukedit SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter. | 7.5 |
2007-07-30 | CVE-2007-4052 | Cross-Site Scripting vulnerability in Nukedit 4.9.7B Cross-site scripting (XSS) vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. network nukedit | 4.3 |
2007-05-02 | CVE-2007-2432 | Cross-Site Scripting vulnerability in Nukedit 4.9.7B Cross-site scripting (XSS) vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. network nukedit | 6.8 |
2006-06-01 | CVE-2006-2737 | Unspecified vulnerability in Nukedit utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action. | 7.5 |