This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Detail
Vendor Refbase First view 2009-03-05
Product Refbase Last view 2015-09-27
Version Type
Update  
Edition  
Language  
Software Edition
Target Software  
Target Hardware  
Other  

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:refbase:refbase:0.7:*:*:*:*:*:*:* 10
cpe:2.3:a:refbase:refbase:0.6.1:b1:*:*:*:*:*:* 10
cpe:2.3:a:refbase:refbase:0.8.0:*:*:*:*:*:*:* 10
cpe:2.3:a:refbase:refbase:0.6:*:*:*:*:*:*:* 10

Related : CVE

  Date Alert Description
4.3 2015-09-27 CVE-2015-7383

Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or HTML via the (1) adminUserName, (2) pathToMYSQL, (3) databaseStructureFile, or (4) pathToBibutils parameter to install.php or the (5) adminUserName parameter to update.php.

7.5 2015-09-27 CVE-2015-7382

SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009.

7.5 2015-09-27 CVE-2015-7381

Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008.

5.8 2015-09-27 CVE-2015-6012

Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the referrer parameter.

5 2015-09-27 CVE-2015-6011

Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php.

4.3 2015-09-27 CVE-2015-6010

Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.php; the (3) viewType parameter to duplicate_manager.php; the (4) queryAction, (5) displayType, (6) citeOrder, (7) sqlQuery, (8) showQuery, (9) showLinks, (10) showRows, or (11) queryID parameter to query_manager.php; the (12) sourceText or (13) sourceIDs parameter to import.php; or the (14) typeName or (15) fileName parameter to modify.php.

7.5 2015-09-27 CVE-2015-6009

Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382.

7.5 2015-09-27 CVE-2015-6008

install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381.

6.8 2015-09-27 CVE-2015-6007

Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users.

4.3 2009-03-05 CVE-2008-6400

Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party information.

CWE : Common Weakness Enumeration

% id Name
37% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
25% (2) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
12% (1) CWE-352 Cross-Site Request Forgery (CSRF)
12% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
12% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

Open Source Vulnerability Database (OSVDB)

id Description
49977 refbase search.php headerMsg Parameter XSS
49976 refbase show.php headerMsg Parameter XSS