Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by nukescripts
CVE-2007-5151 (GCVE-0-2007-5151)
Vulnerability from nvd – Published: 2007-10-01 00:00 – Updated: 2024-08-07 15:24
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/26990 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/3308 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/25830 | vdb-entryx_refsource_BID |
| http://www.waraxe.us/advisory-58.html | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/480846/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-09-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26990"
},
{
"name": "ADV-2007-3308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3308"
},
{
"name": "25830",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25830"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-58.html"
},
{
"name": "20070927 [waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480846/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26990"
},
{
"name": "ADV-2007-3308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3308"
},
{
"name": "25830",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25830"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-58.html"
},
{
"name": "20070927 [waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480846/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26990"
},
{
"name": "ADV-2007-3308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3308"
},
{
"name": "25830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25830"
},
{
"name": "http://www.waraxe.us/advisory-58.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-58.html"
},
{
"name": "20070927 [waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480846/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5151",
"datePublished": "2007-10-01T00:00:00.000Z",
"dateReserved": "2007-09-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5150 (GCVE-0-2007-5150)
Vulnerability from nvd – Published: 2007-10-01 00:00 – Updated: 2024-08-07 15:24
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.waraxe.us/advisory-56.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/25827 | vdb-entryx_refsource_BID |
| http://www.nukescripts.net/index.php?op=NEArticle… | x_refsource_MISC |
| http://securityreason.com/securityalert/3181 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/480812/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-09-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:41.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-56.html"
},
{
"name": "25827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25827"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
},
{
"name": "3181",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3181"
},
{
"name": "20070927 [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480812/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-56.html"
},
{
"name": "25827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25827"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
},
{
"name": "3181",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3181"
},
{
"name": "20070927 [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480812/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-56.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-56.html"
},
{
"name": "25827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25827"
},
{
"name": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076",
"refsource": "MISC",
"url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
},
{
"name": "3181",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3181"
},
{
"name": "20070927 [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480812/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5150",
"datePublished": "2007-10-01T00:00:00.000Z",
"dateReserved": "2007-09-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:41.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1494 (GCVE-0-2007-1494)
Vulnerability from nvd – Published: 2007-03-16 22:00 – Updated: 2024-08-07 12:59
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.nukescripts.net/modules.php?name=Downl… | x_refsource_CONFIRM |
| http://osvdb.org/35078 | vdb-entryx_refsource_OSVDB |
Date Public
2007-03-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055"
},
{
"name": "35078",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"filters for https:// and http://\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-13T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055"
},
{
"name": "35078",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35078"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"filters for https:// and http://\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055",
"refsource": "CONFIRM",
"url": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055"
},
{
"name": "35078",
"refsource": "OSVDB",
"url": "http://osvdb.org/35078"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1494",
"datePublished": "2007-03-16T22:00:00.000Z",
"dateReserved": "2007-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:59:08.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1493 (GCVE-0-2007-1493)
Vulnerability from nvd – Published: 2007-03-16 22:00 – Updated: 2024-08-07 12:59
VLAI
EPSS
VEX
Summary
nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://attrition.org/pipermail/vim/2007-March/001… | mailing-listx_refsource_VIM |
| http://securityreason.com/securityalert/2430 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/462453/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070314 SQL injection (x2) in NukeSentinel",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
},
{
"name": "2430",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2430"
},
{
"name": "20070310 NukeSentinel \u003c= 2.5.06 SQL Injection (mysql \u003e= 4.0.24) Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462453/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070314 SQL injection (x2) in NukeSentinel",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
},
{
"name": "2430",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2430"
},
{
"name": "20070310 NukeSentinel \u003c= 2.5.06 SQL Injection (mysql \u003e= 4.0.24) Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462453/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070314 SQL injection (x2) in NukeSentinel",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
},
{
"name": "2430",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2430"
},
{
"name": "20070310 NukeSentinel \u003c= 2.5.06 SQL Injection (mysql \u003e= 4.0.24) Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462453/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1493",
"datePublished": "2007-03-16T22:00:00.000Z",
"dateReserved": "2007-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:59:08.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1172 (GCVE-0-2007-1172)
Vulnerability from nvd – Published: 2007-02-28 15:00 – Updated: 2024-08-07 12:43
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/24221 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/2341 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/460599/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/3338 | exploitx_refsource_EXPLOIT-DB |
| http://attrition.org/pipermail/vim/2007-March/001… | mailing-listx_refsource_VIM |
Date Public
2007-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24221"
},
{
"name": "2341",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2341"
},
{
"name": "20070220 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/460599/100/0/threaded"
},
{
"name": "3338",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3338"
},
{
"name": "20070314 SQL injection (x2) in NukeSentinel",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the \"File Disclosure Exploit.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24221"
},
{
"name": "2341",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2341"
},
{
"name": "20070220 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/460599/100/0/threaded"
},
{
"name": "3338",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3338"
},
{
"name": "20070314 SQL injection (x2) in NukeSentinel",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the \"File Disclosure Exploit.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24221"
},
{
"name": "2341",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2341"
},
{
"name": "20070220 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460599/100/0/threaded"
},
{
"name": "3338",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3338"
},
{
"name": "20070314 SQL injection (x2) in NukeSentinel",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1172",
"datePublished": "2007-02-28T15:00:00.000Z",
"dateReserved": "2007-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:43:22.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1171 (GCVE-0-2007-1171)
Vulnerability from nvd – Published: 2007-02-28 15:00 – Updated: 2024-08-07 12:43
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.waraxe.us/advisory-53.html | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/22629 | vdb-entryx_refsource_BID |
| http://www.nukescripts.net/index.php?op=NEArticle… | x_refsource_CONFIRM |
| http://www.attrition.org/pipermail/vim/2007-Septe… | mailing-listx_refsource_VIM |
| https://www.exploit-db.com/exploits/3337 | exploitx_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/2344 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/480994/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/460628/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/480575/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/25805 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/26954 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-53.html"
},
{
"name": "nukesentinel-nsbypass-sql-injection(32582)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32582"
},
{
"name": "22629",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
},
{
"name": "20070928 CVE-2007-5125 - dupe",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-September/001806.html"
},
{
"name": "3337",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3337"
},
{
"name": "2344",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2344"
},
{
"name": "20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480994/100/0/threaded"
},
{
"name": "20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/460628/100/0/threaded"
},
{
"name": "20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480575/100/0/threaded"
},
{
"name": "25805",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25805"
},
{
"name": "26954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26954"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-53.html"
},
{
"name": "nukesentinel-nsbypass-sql-injection(32582)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32582"
},
{
"name": "22629",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
},
{
"name": "20070928 CVE-2007-5125 - dupe",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-September/001806.html"
},
{
"name": "3337",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3337"
},
{
"name": "2344",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2344"
},
{
"name": "20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480994/100/0/threaded"
},
{
"name": "20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/460628/100/0/threaded"
},
{
"name": "20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480575/100/0/threaded"
},
{
"name": "25805",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25805"
},
{
"name": "26954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26954"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-53.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-53.html"
},
{
"name": "nukesentinel-nsbypass-sql-injection(32582)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32582"
},
{
"name": "22629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22629"
},
{
"name": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076",
"refsource": "CONFIRM",
"url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
},
{
"name": "20070928 CVE-2007-5125 - dupe",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-September/001806.html"
},
{
"name": "3337",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3337"
},
{
"name": "2344",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2344"
},
{
"name": "20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480994/100/0/threaded"
},
{
"name": "20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460628/100/0/threaded"
},
{
"name": "20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480575/100/0/threaded"
},
{
"name": "25805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25805"
},
{
"name": "26954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26954"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1171",
"datePublished": "2007-02-28T15:00:00.000Z",
"dateReserved": "2007-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:43:22.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5151 (GCVE-0-2007-5151)
Vulnerability from cvelistv5 – Published: 2007-10-01 00:00 – Updated: 2024-08-07 15:24
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/26990 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/3308 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/25830 | vdb-entryx_refsource_BID |
| http://www.waraxe.us/advisory-58.html | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/480846/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-09-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26990"
},
{
"name": "ADV-2007-3308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3308"
},
{
"name": "25830",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25830"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-58.html"
},
{
"name": "20070927 [waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480846/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26990"
},
{
"name": "ADV-2007-3308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3308"
},
{
"name": "25830",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25830"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-58.html"
},
{
"name": "20070927 [waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480846/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26990"
},
{
"name": "ADV-2007-3308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3308"
},
{
"name": "25830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25830"
},
{
"name": "http://www.waraxe.us/advisory-58.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-58.html"
},
{
"name": "20070927 [waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480846/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5151",
"datePublished": "2007-10-01T00:00:00.000Z",
"dateReserved": "2007-09-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5150 (GCVE-0-2007-5150)
Vulnerability from cvelistv5 – Published: 2007-10-01 00:00 – Updated: 2024-08-07 15:24
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.waraxe.us/advisory-56.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/25827 | vdb-entryx_refsource_BID |
| http://www.nukescripts.net/index.php?op=NEArticle… | x_refsource_MISC |
| http://securityreason.com/securityalert/3181 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/480812/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-09-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:41.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-56.html"
},
{
"name": "25827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25827"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
},
{
"name": "3181",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3181"
},
{
"name": "20070927 [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480812/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-56.html"
},
{
"name": "25827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25827"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
},
{
"name": "3181",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3181"
},
{
"name": "20070927 [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480812/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-56.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-56.html"
},
{
"name": "25827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25827"
},
{
"name": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076",
"refsource": "MISC",
"url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
},
{
"name": "3181",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3181"
},
{
"name": "20070927 [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480812/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5150",
"datePublished": "2007-10-01T00:00:00.000Z",
"dateReserved": "2007-09-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:41.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1494 (GCVE-0-2007-1494)
Vulnerability from cvelistv5 – Published: 2007-03-16 22:00 – Updated: 2024-08-07 12:59
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.nukescripts.net/modules.php?name=Downl… | x_refsource_CONFIRM |
| http://osvdb.org/35078 | vdb-entryx_refsource_OSVDB |
Date Public
2007-03-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055"
},
{
"name": "35078",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"filters for https:// and http://\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-13T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055"
},
{
"name": "35078",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35078"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"filters for https:// and http://\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055",
"refsource": "CONFIRM",
"url": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055"
},
{
"name": "35078",
"refsource": "OSVDB",
"url": "http://osvdb.org/35078"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1494",
"datePublished": "2007-03-16T22:00:00.000Z",
"dateReserved": "2007-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:59:08.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1493 (GCVE-0-2007-1493)
Vulnerability from cvelistv5 – Published: 2007-03-16 22:00 – Updated: 2024-08-07 12:59
VLAI
EPSS
VEX
Summary
nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://attrition.org/pipermail/vim/2007-March/001… | mailing-listx_refsource_VIM |
| http://securityreason.com/securityalert/2430 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/462453/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070314 SQL injection (x2) in NukeSentinel",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
},
{
"name": "2430",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2430"
},
{
"name": "20070310 NukeSentinel \u003c= 2.5.06 SQL Injection (mysql \u003e= 4.0.24) Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462453/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070314 SQL injection (x2) in NukeSentinel",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
},
{
"name": "2430",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2430"
},
{
"name": "20070310 NukeSentinel \u003c= 2.5.06 SQL Injection (mysql \u003e= 4.0.24) Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462453/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070314 SQL injection (x2) in NukeSentinel",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
},
{
"name": "2430",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2430"
},
{
"name": "20070310 NukeSentinel \u003c= 2.5.06 SQL Injection (mysql \u003e= 4.0.24) Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462453/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1493",
"datePublished": "2007-03-16T22:00:00.000Z",
"dateReserved": "2007-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:59:08.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1172 (GCVE-0-2007-1172)
Vulnerability from cvelistv5 – Published: 2007-02-28 15:00 – Updated: 2024-08-07 12:43
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/24221 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/2341 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/460599/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/3338 | exploitx_refsource_EXPLOIT-DB |
| http://attrition.org/pipermail/vim/2007-March/001… | mailing-listx_refsource_VIM |
Date Public
2007-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24221"
},
{
"name": "2341",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2341"
},
{
"name": "20070220 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/460599/100/0/threaded"
},
{
"name": "3338",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3338"
},
{
"name": "20070314 SQL injection (x2) in NukeSentinel",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the \"File Disclosure Exploit.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24221"
},
{
"name": "2341",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2341"
},
{
"name": "20070220 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/460599/100/0/threaded"
},
{
"name": "3338",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3338"
},
{
"name": "20070314 SQL injection (x2) in NukeSentinel",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the \"File Disclosure Exploit.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24221"
},
{
"name": "2341",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2341"
},
{
"name": "20070220 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460599/100/0/threaded"
},
{
"name": "3338",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3338"
},
{
"name": "20070314 SQL injection (x2) in NukeSentinel",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1172",
"datePublished": "2007-02-28T15:00:00.000Z",
"dateReserved": "2007-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:43:22.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1171 (GCVE-0-2007-1171)
Vulnerability from cvelistv5 – Published: 2007-02-28 15:00 – Updated: 2024-08-07 12:43
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.waraxe.us/advisory-53.html | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/22629 | vdb-entryx_refsource_BID |
| http://www.nukescripts.net/index.php?op=NEArticle… | x_refsource_CONFIRM |
| http://www.attrition.org/pipermail/vim/2007-Septe… | mailing-listx_refsource_VIM |
| https://www.exploit-db.com/exploits/3337 | exploitx_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/2344 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/480994/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/460628/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/480575/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/25805 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/26954 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-53.html"
},
{
"name": "nukesentinel-nsbypass-sql-injection(32582)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32582"
},
{
"name": "22629",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
},
{
"name": "20070928 CVE-2007-5125 - dupe",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-September/001806.html"
},
{
"name": "3337",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3337"
},
{
"name": "2344",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2344"
},
{
"name": "20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480994/100/0/threaded"
},
{
"name": "20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/460628/100/0/threaded"
},
{
"name": "20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/480575/100/0/threaded"
},
{
"name": "25805",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25805"
},
{
"name": "26954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26954"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-53.html"
},
{
"name": "nukesentinel-nsbypass-sql-injection(32582)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32582"
},
{
"name": "22629",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
},
{
"name": "20070928 CVE-2007-5125 - dupe",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-September/001806.html"
},
{
"name": "3337",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3337"
},
{
"name": "2344",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2344"
},
{
"name": "20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480994/100/0/threaded"
},
{
"name": "20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/460628/100/0/threaded"
},
{
"name": "20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/480575/100/0/threaded"
},
{
"name": "25805",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25805"
},
{
"name": "26954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26954"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-53.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-53.html"
},
{
"name": "nukesentinel-nsbypass-sql-injection(32582)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32582"
},
{
"name": "22629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22629"
},
{
"name": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076",
"refsource": "CONFIRM",
"url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
},
{
"name": "20070928 CVE-2007-5125 - dupe",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-September/001806.html"
},
{
"name": "3337",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3337"
},
{
"name": "2344",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2344"
},
{
"name": "20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480994/100/0/threaded"
},
{
"name": "20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460628/100/0/threaded"
},
{
"name": "20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480575/100/0/threaded"
},
{
"name": "25805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25805"
},
{
"name": "26954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26954"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1171",
"datePublished": "2007-02-28T15:00:00.000Z",
"dateReserved": "2007-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:43:22.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}