NotCVE - vendor:"Limesurvey" product:"Limesurvey" version:"2.05\ "

Page 4 of 35 results (0.007 seconds)

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-16397

https://notcve.org/view.php?id=CVE-2018-16397

03 Sep 2018 — In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file, En LimeSurvey en versiones anteriores a la 3.14.7, un usuario administrador puede aprovechar una pregunta "file upload" para leer un archivo arbitrario. • https://github.com/LimeSurvey/LimeSurvey/blob/3be9b41e76826b57f5860d18d93b23f47d59d2e4/docs/release_notes.txt#L51 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-4628

https://notcve.org/view.php?id=CVE-2015-4628

18 Jun 2015 — SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter. Vulnerabilidad de inyección SQL en application/controllers/admin/questiongroups.php en LimeSurvey anterior a 2.06+ Build 150618 permite a administradores remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro sid. • http://www.securityfocus.com/bid/75301 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

CVE-2014-5016

https://notcve.org/view.php?id=CVE-2014-5016

21 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to application/views/admin/globalSettings_view.php, or (3) a crafted CSV file to the "Import CSV" functionality. Múltiples vulnerabilidades de XSS en LimeSurvey 2.05+ Build 140618 permiten a atacantes remotos inyectar s... • http://packetstormsecurity.com/files/127369/Lime-Survey-2.05-Build-140618-XSS-SQL-Injection.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2014-5017

https://notcve.org/view.php?id=CVE-2014-5017

21 Jul 2014 — SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter. Vulnerabilidad de inyección SQL en CPDB en application/controllers/admin/participantsaction.php en LimeSurvey 2.05+ Build 140618 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del paráme... • http://packetstormsecurity.com/files/127369/Lime-Survey-2.05-Build-140618-XSS-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

CVE-2014-5018

https://notcve.org/view.php?id=CVE-2014-5018

21 Jul 2014 — Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume. Vulnerabilidad de lista negra incompleta en la función autoEscape en common_helper.php en LimeSurvey 2.05+ Build 140618 permite a atacantes remotos realizar ataques de XSS a través del juego de caracteres GBK en el parámetro loadname en... • http://packetstormsecurity.com/files/127369/Lime-Survey-2.05-Build-140618-XSS-SQL-Injection.html •

1 2 3 4