MidnightBSD

Advisories for teekai

CVE-2002-2054 HIGH

TeeKai Forum 1.2 allows remote attackers to authenticate as the administrator and and gain privileged web forum access by setting the valid_level cookie to admin.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
teekai teekai_forum 1.2
CVE-2002-2055 MEDIUM

Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
teekai teekai_tracking_online 1.0
CVE-2002-2056 MEDIUM

Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows remote attackers to inject arbitrary web script or HTML via the valid_username_online cookie.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
teekai teekai_forum 1.2
CVE-2002-2057 MEDIUM

TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
teekai teekai_forum 1.2
CVE-2002-2058 MEDIUM

TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
teekai tracking_online 1.0