MidnightBSD

Advisories for reamday_enterprises

CVE-2006-0157 MEDIUM

settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
reamday_enterprises magic_news_plus 1.0.3
CVE-2006-0673 HIGH

Multiple SQL injection vulnerabilities in cms/index.php in Magic Calendar Lite 1.02, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) $total_login and (2) $total_password parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
reamday_enterprises magic_calendar_lite 1.02
CVE-2006-0722 LOW

settings.php in Reamday Enterprises Magic Downloads 1.1.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
reamday_enterprises magic_downloads 1.1.3
CVE-2006-0723 LOW

PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-94,

Products Affected

Vendor Product Version
reamday_enterprises magic_news_lite 1.2.3
CVE-2006-0724 LOW

profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
reamday_enterprises magic_news_lite 1.2.3