MidnightBSD

Advisories for dlguard

CVE-2015-2064 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) c, or (3) redirect parameter to index.php or (4) search field (searchTerm parameter) in the main page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dlguard dlguard 5.0
dlguard dlguard 4.5
dlguard dlguard 4.6
CVE-2015-2066 HIGH

SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
dlguard dlguard 4.5
CVE-2015-2209 MEDIUM

DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
dlguard dlguard 4.5