CVE-2007-1163 – webSPELL 4.01.02 - 'topic' SQL Injection
https://notcve.org/view.php?id=CVE-2007-1163
SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.
• https://www.exploit-db.com/exploits/3351 http://osvdb.org/33231 http://secunia.com/advisories/24257 http://www.securityfocus.com/bid/22659 http://www.vupen.com/english/advisories/2007/0714
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-1160
https://notcve.org/view.php?id=CVE-2007-1160
webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
• http://osvdb.org/33143 http://securityreason.com/securityalert/2337 http://www.securityfocus.com/archive/1/460937/100/0/threaded
• CWE-287: Improper Authentication
CVE-2007-1155
https://notcve.org/view.php?id=CVE-2007-1155
Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED.
• http://securityreason.com/securityalert/2337 http://www.securityfocus.com/archive/1/460937/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/32670
• CWE-20: Improper Input Validation
CVE-2007-1154
https://notcve.org/view.php?id=CVE-2007-1154
SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
• http://securityreason.com/securityalert/2337 http://www.securityfocus.com/archive/1/460937/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/32669
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-1019 – webSPELL 4.01.02 - 'showonly' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2007-1019
SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.
• https://www.exploit-db.com/exploits/3325 http://osvdb.org/33229 http://secunia.com/advisories/24191 http://www.securityfocus.com/bid/22541 http://www.vupen.com/english/advisories/2007/0650 https://exchange.xforce.ibmcloud.com/vulnerabilities/32554