Clip share Clipshare

This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor	Clip-Share	First view	2007-03-12
Product	Clipshare	Last view	2014-11-04
Version		Type	Application
Update
Edition
Language
Sofware Edition
Target Software
Target Hardware
Other

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name	Affected CVE
cpe:2.3:a:clip-share:clipshare::::::::	3
cpe:2.3:a:clip-share:clipshare:2.6:::::::*	3
cpe:2.3:a:clip-share:clipshare:1.5.3:::::::*	3
cpe:2.3:a:clip-share:clipshare:3.0:::::::*	2
cpe:2.3:a:clip-share:clipshare:4::pro:::::	2
cpe:2.3:a:clip-share:clipshare:4.0:-:pro:::::*	2
cpe:2.3:a:clip-share:clipshare:8.0:::::::*	1

Related : CVE

	Date	Alert	Description
7.5	2014-11-04	CVE-2014-8339	SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter.
7.5	2009-09-09	CVE-2008-7188	ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php.
4.3	2009-02-19	CVE-2008-6173	Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
7.5	2008-12-12	CVE-2008-5489	SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter.
7.5	2008-06-20	CVE-2008-2793	SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
7.5	2008-01-03	CVE-2008-0089	SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter.
7.5	2007-03-12	CVE-2007-1430	PHP remote file inclusion vulnerability in include/adodb-connection.inc.php in ClipShare 1.5.3 allows remote attackers to execute arbitrary PHP code via a URL in the cmd parameter.

CWE : Common Weakness Enumeration

%	id	Name
66% (4)	CWE-89	Improper Sanitization of Special Elements used in an SQL Command ('...
16% (1)	CWE-264	Permissions, Privileges, and Access Controls
16% (1)	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id	Description
57960	ClipShare siteadmin/useredit.php uid Parameter Arbitrary Profile Modification
50009	ClipShare channel_detail.php chid Parameter SQL Injection
49350	ClipShare fullscreen.php title Parameter XSS
46491	ClipShare group_posts.php tid Parameter SQL Injection
39890	ClipShare uprofile.php UID Parameter SQL Injection
34446	ClipShare include/adodb-connection.inc.php cmd Parameter Remote File Inclusion

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0293s

Facebook rss twitter linkedin mail