MidnightBSD

Advisories for turbotraffictrader

CVE-2004-2017 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
turbotraffictrader turbotraffictrader_c 1.0
CVE-2004-2191 MEDIUM

Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) msg[0] or (2) siteurl parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
turbotraffictrader turbotraffictrader_php 1.0
CVE-2004-2192 HIGH

SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the ttt_admin parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
turbotraffictrader turbotraffictrader_php 1.0