Show filters
61 Total Results
Displaying 41-50 of 61
Sort by:
Attacker Value
Unknown
CVE-2008-3415
Disclosure Date: July 31, 2008 (last updated October 04, 2023)
Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences.
0
Attacker Value
Unknown
CVE-2008-2850
Disclosure Date: June 25, 2008 (last updated October 04, 2023)
SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API.
0
Attacker Value
Unknown
CVE-2008-2849
Disclosure Date: June 25, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors.
0
Attacker Value
Unknown
CVE-2007-3812
Disclosure Date: July 17, 2007 (last updated October 04, 2023)
SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php.
0
Attacker Value
Unknown
CVE-2006-5002
Disclosure Date: September 27, 2006 (last updated October 04, 2023)
Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 through 2.2.0.9 (invscoutClient_VPD_Survey) allows attackers to overwrite arbitrary files via unspecified vectors.
0
Attacker Value
Unknown
CVE-2006-3309
Disclosure Date: June 29, 2006 (last updated October 04, 2023)
SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
0
Attacker Value
Unknown
CVE-2006-2188
Disclosure Date: May 04, 2006 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) a forum post.
0
Attacker Value
Unknown
CVE-2005-4196
Disclosure Date: December 13, 2005 (last updated February 22, 2025)
Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--QuickSearch.php; (2) ParentId parameter in SPT--BrowseResources.php; (3) the ResourceId parameter in SPT--FullRecord.php; (4) ResourceOffset parameter in SPT--Home.php, (5) F_SearchString parameter in SPT--QuickSearch.php; (6) F_UserName and (7) F_Password parameters in SPT--UserLogin.php; (8) F_SearchCat1, (9) F_TextField1, (10) F_SearchCat2, (11) F_TextField2, (12) F_SearchCat3, (13) F_TextField3, (14) F_SearchCat4, (15) F_TextField4, (16) ResourceType, (17) Language, (18) Audience, (19) Format parameters in SPT--AdvancedSearch.php.
0
Attacker Value
Unknown
CVE-2005-4195
Disclosure Date: December 13, 2005 (last updated February 22, 2025)
Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0.
0
Attacker Value
Unknown
CVE-2002-1530
Disclosure Date: March 31, 2003 (last updated February 22, 2025)
The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form.
0
