MidnightBSD

Advisories for scripts.oldguy

CVE-2009-4854 HIGH

addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
scripts.oldguy talkback 2.3.14
CVE-2009-4874 MEDIUM

TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
scripts.oldguy talkback 2.3.14