CVE-2014-100031 – GDL 4.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-100031
Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. Múltiples vulnerabilidades de inyección SQL en Ganesha Digital Library (GDL) 4.2 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro id en (1) download.php o (2) main.php. • https://www.exploit-db.com/exploits/31961 http://packetstormsecurity.com/files/125464 http://secunia.com/advisories/57171 https://exchange.xforce.ibmcloud.com/vulnerabilities/91554 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-100030 – GDL 4.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-100030
Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action. Vulnerabilidad de XSS en module/search/function.php en Ganesha Digital Library (GDL) 4.2 permite a atacantes remotos inyectar secuencias de comandos web o HTMl arbitrarios a través del parámetro keyword en una acción ByEge. • https://www.exploit-db.com/exploits/31961 http://packetstormsecurity.com/files/125464 http://secunia.com/advisories/57171 https://exchange.xforce.ibmcloud.com/vulnerabilities/91553 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-100029 – GDL 4.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-100029
Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter. Múltiples vulnerabilidades de salto de directorio en class/session.php en Ganesha Digital Library (GDL) 4.2 permiten a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en el parámetro (1) newlang o (2) newtheme. • https://www.exploit-db.com/exploits/31961 http://packetstormsecurity.com/files/125464 https://exchange.xforce.ibmcloud.com/vulnerabilities/91555 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2009-0965 – GDL 4.x - 'node' SQL Injection
https://notcve.org/view.php?id=CVE-2009-0965
SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php. Vulnerabilidad de inyección SQL en functions/browse.php en Ganesha Digital Library (GDL) v4.0 y v4.2, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "node" en una acción "browse" a gdl.php. • https://www.exploit-db.com/exploits/8228 http://osvdb.org/52803 http://www.securityfocus.com/bid/34144 http://www.vupen.com/english/advisories/2009/0751 https://exchange.xforce.ibmcloud.com/vulnerabilities/49292 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •