Neocrome

Land Down Under

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2006-6835

  • EPSS 0.49%
  • Veröffentlicht 31.12.2006 05:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php.

6.8

CVE-2006-6577

Exploit
  • EPSS 0.38%
  • Veröffentlicht 15.12.2006 19:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

10

CVE-2006-6268

Exploit
  • EPSS 0.75%
  • Veröffentlicht 04.12.2006 11:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a va...

5

CVE-2006-2096

  • EPSS 0.39%
  • Veröffentlicht 29.04.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

plug.php in Land Down Under (LDU) 802 and earlier allows remote attackers to obtain sensitive information via an invalid (1) month or (2) year parameter, which reveals the path in an error message.

7.5

CVE-2005-4821

Exploit
  • EPSS 0.76%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 and earlier allow remote attackers to execute arbitrary SQL commands via parameters including (1) the m parameter in auth.php, (2) the f parameter in events.php, or (3) the e parame...

4.3

CVE-2005-2884

Exploit
  • EPSS 0.41%
  • Veröffentlicht 14.09.2005 20:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in events.php in Land Down Under (LDU) 801 and earlier allows remote attackers to inject arbitrary web script or HTML via the Description field in an event.

4.3

CVE-2005-2780

  • EPSS 0.3%
  • Veröffentlicht 02.09.2005 23:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject arbitrary web script or HTML via a signature.

7.5

CVE-2005-2788

Exploit
  • EPSS 0.32%
  • Veröffentlicht 02.09.2005 23:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php.

4.3

CVE-2005-2674

Exploit
  • EPSS 0.94%
  • Veröffentlicht 23.08.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter...

7.5

CVE-2005-2675

Exploit
  • EPSS 0.7%
  • Veröffentlicht 23.08.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p param...