Summary
Detail | | | |
---|---|---|---|
Vendor | Clip-Share | First view | 2007-03-12 |
Product | Clipshare | Last view | 2014-11-04 |
Version | | Type | Application |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
7.5 | 2014-11-04 | CVE-2014-8339 | SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter. |
7.5 | 2009-09-09 | CVE-2008-7188 | ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php. |
4.3 | 2009-02-19 | CVE-2008-6173 | Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter. |
7.5 | 2008-12-12 | CVE-2008-5489 | SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter. |
7.5 | 2008-06-20 | CVE-2008-2793 | SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter. |
7.5 | 2008-01-03 | CVE-2008-0089 | SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter. |
7.5 | 2007-03-12 | CVE-2007-1430 | PHP remote file inclusion vulnerability in include/adodb-connection.inc.php in ClipShare 1.5.3 allows remote attackers to execute arbitrary PHP code via a URL in the cmd parameter. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
66% (4) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
16% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
16% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
57960 | ClipShare siteadmin/useredit.php uid Parameter Arbitrary Profile Modification |
50009 | ClipShare channel_detail.php chid Parameter SQL Injection |
49350 | ClipShare fullscreen.php title Parameter XSS |
46491 | ClipShare group_posts.php tid Parameter SQL Injection |
39890 | ClipShare uprofile.php UID Parameter SQL Injection |
34446 | ClipShare include/adodb-connection.inc.php cmd Parameter Remote File Inclusion |