MidnightBSD

Advisories for preprojects

CVE-2010-0954 HIGH

SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
preprojects pre_e-learning_portal *
CVE-2010-1369 HIGH

SQL injection vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the email parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
preprojects pre_classified_listings_asp *
CVE-2010-1370 HIGH

SQL injection vulnerability in detailad.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the siteid parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
preprojects pre_classified_listings_asp *
CVE-2010-1371 MEDIUM

Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to inject arbitrary web script or HTML via the address parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
preprojects pre_classified_listings_asp *
CVE-2010-4776 HIGH

SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
preprojects pre_online_tests_generator *