Vulnerabilities > Upoint
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-15 | CVE-2006-1437 | Information Disclosure vulnerability in Upoint AT1 Event Publisher 20031218 UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt. | 5.0 |
| 2006-04-15 | CVE-2006-1436 | HTML Injection vulnerability in Upoint AT1 Event Publisher 20031218 Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the (1) Event, (2) Description, (3) Time, (4) Website, and (5) Public Remarks fields to (a) eventpublisher_admin.htm and (b) eventpublisher_usersubmit.htm. network upoint | 4.3 |
| 2006-03-19 | CVE-2006-1278 | SQL Injection vulnerability in Upoint @1 File Store 2006.03.07 SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php. | 6.8 |
| 2006-03-19 | CVE-2006-1277 | Input Validation vulnerability in @1 File Store Cross-site scripting (XSS) vulnerability in signup.php in @1 File Store 2006.03.07 allows remote attackers to inject arbitrary web script or HTML via the (1) real_name, (2) email, and (3) login parameters. network upoint | 5.8 |