MidnightBSD

Advisories for steve_korbett

CVE-2002-0588 MEDIUM

PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
steve_korbett pvote 1.0b
steve_korbett pvote 1.0a
steve_korbett pvote 1.0
steve_korbett pvote 1.5
CVE-2002-0589 HIGH

PVote before 1.9 allows remote attackers to change the administrative password and gain privileges by directly calling ch_info.php with the newpass and confirm parameters both set to the new password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
steve_korbett pvote 1.0b
steve_korbett pvote 1.0a
steve_korbett pvote 1.0
steve_korbett pvote 1.5