Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4086

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-4086
Last Modified 15 Nov 2008 01:55:17
Published 30 Jul 2007 01:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4086

Summary

Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to gmembers.php, or (2) the UID parameter to (a) uvideos.php, (b) ugroups.php, (c) uprofile.php, (d) ufavour.php, (e) ufriends.php, or (f) uplaylist.php.

Vulnerable Systems

Application

  • Alstrasoft Video Share Enterprise


References

OSVDB - 37878

OSVDB - 37877

OSVDB - 37876

OSVDB - 37875

OSVDB - 37874

OSVDB - 37873

OSVDB - 37872

MISC - http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html


Last Updated: 27 May 2016 10:45:46