Vulnerabilities > Webspell
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-02 | CVE-2007-1163 | SQL Injection vulnerability in Webspell 4.0/4.01.00/4.01.01 SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. | 7.5 |
2007-03-02 | CVE-2007-1160 | Improper Authentication vulnerability in Webspell 4.0 webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | 10.0 |
2007-03-02 | CVE-2007-1155 | Improper Input Validation vulnerability in Webspell Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. | 4.6 |
2007-03-02 | CVE-2007-1154 | SQL Injection vulnerability in Webspell SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | 6.8 |
2007-02-21 | CVE-2007-1019 | SQL Injection vulnerability in Webspell 4.01.02 SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388. network webspell | 6.8 |
2007-01-25 | CVE-2007-0502 | SQL Injection vulnerability in Webspell 4.01.02 SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492. | 7.5 |
2007-01-25 | CVE-2007-0492 | SQL-Injection vulnerability in webSPELL Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. | 7.5 |
2006-10-18 | CVE-2006-5388 | SQL Injection vulnerability in WebSpell SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783. | 7.5 |
2006-09-14 | CVE-2006-4783 | SQL-Injection vulnerability in Webspell 4.0 SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter. | 5.1 |
2006-09-14 | CVE-2006-4782 | Authentication Bypass vulnerability in Webspell 4.0/4.1/4.1.1 src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. | 5.4 |