MidnightBSD

Advisories for john_lim

CVE-2004-2664 MEDIUM

John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
john_lim adodb 3.94
john_lim adodb 4.00
john_lim adodb 4.02
john_lim adodb 4.03
john_lim adodb 4.05
john_lim adodb *
john_lim adodb 4.11
john_lim adodb 4.20
john_lim adodb 4.21
john_lim adodb 4.04
john_lim adodb 4.01
john_lim adodb 4.10
CVE-2006-0146 HIGH

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
postnuke_software_foundation postnuke 0.761
mantis mantis 1.0.0_rc4
the_cacti_group cacti 0.8.6g
moodle moodle 1.5.3
john_lim adodb 4.66
mantis mantis 0.19.4
john_lim adodb 4.68
mediabeez mediabeez *
CVE-2006-0147 HIGH

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
postnuke_software_foundation postnuke 0.761
mantis mantis 1.0.0_rc4
the_cacti_group cacti 0.8.6g
moodle moodle 1.5.3
john_lim adodb 4.66
mantis mantis 0.19.4
john_lim adodb 4.68
CVE-2006-0410 MEDIUM

SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
john_lim adodb 4.66
john_lim adodb 4.70
john_lim adodb 4.68
CVE-2006-0806 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
john_lim adodb 4.71
john_lim adodb 4.66
john_lim adodb 4.70
john_lim adodb 4.68
CVE-2011-3699 MEDIUM

John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
john_lim adodb 5.11