MidnightBSD

Advisories for vcd-db

CVE-2005-4240 HIGH

SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vcd-db vcd-db 0.97
vcd-db vcd-db 0.98
vcd-db vcd-db 0.972
vcd-db vcd-db 0.971
vcd-db vcd-db 0.973
vcd-db vcd-db 0.961
CVE-2005-4241 MEDIUM

Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vcd-db vcd-db 0.97
vcd-db vcd-db 0.98
vcd-db vcd-db 0.972
vcd-db vcd-db 0.971
vcd-db vcd-db 0.973
vcd-db vcd-db 0.961