RSS   Vulnerabilities for 'Eqdkp'   RSS

2008-05-14
 
CVE-2008-2222

CWE-89
 

 
SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter.

 
2007-06-06
 
CVE-2007-3079

 

 
listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path.

 
 
CVE-2007-3077

 

 
SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter.

 
2007-05-16
 
CVE-2007-2716

 

 
Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information.

 
2007-02-05
 
CVE-2007-0760

 

 
EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer.

 
2006-05-09
 
CVE-2006-2256

 

 
PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter.

 
2005-08-17
 
CVE-2005-2615

 

 
Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, possibly involving auto_login_id.

 

 >>> Vendor: Eqdkp 3 Products
Eqdkp
Attunement and key
Eqdkp plus


Copyright 2024, cxsecurity.com

 

Back to Top