Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities by nukescripts

    CVE-2007-5151 (GCVE-0-2007-5151)

    Vulnerability from nvd – Published: 2007-10-01 00:00 – Updated: 2024-08-07 15:24
    VLAI
    Summary
    SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26990 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/3308 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/25830 vdb-entryx_refsource_BID
    http://www.waraxe.us/advisory-58.html x_refsource_MISC
    http://www.securityfocus.com/archive/1/480846/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:24:42.294Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26990",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26990"
              },
              {
                "name": "ADV-2007-3308",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3308"
              },
              {
                "name": "25830",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25830"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.waraxe.us/advisory-58.html"
              },
              {
                "name": "20070927 [waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/480846/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26990",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26990"
            },
            {
              "name": "ADV-2007-3308",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3308"
            },
            {
              "name": "25830",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25830"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.waraxe.us/advisory-58.html"
            },
            {
              "name": "20070927 [waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/480846/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5151",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26990",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26990"
                },
                {
                  "name": "ADV-2007-3308",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3308"
                },
                {
                  "name": "25830",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25830"
                },
                {
                  "name": "http://www.waraxe.us/advisory-58.html",
                  "refsource": "MISC",
                  "url": "http://www.waraxe.us/advisory-58.html"
                },
                {
                  "name": "20070927 [waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/480846/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5151",
        "datePublished": "2007-10-01T00:00:00.000Z",
        "dateReserved": "2007-09-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:24:42.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5150 (GCVE-0-2007-5150)

    Vulnerability from nvd – Published: 2007-10-01 00:00 – Updated: 2024-08-07 15:24
    VLAI
    Summary
    SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:24:41.852Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.waraxe.us/advisory-56.html"
              },
              {
                "name": "25827",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25827"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
              },
              {
                "name": "3181",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3181"
              },
              {
                "name": "20070927 [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/480812/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.waraxe.us/advisory-56.html"
            },
            {
              "name": "25827",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25827"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
            },
            {
              "name": "3181",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3181"
            },
            {
              "name": "20070927 [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/480812/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5150",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.waraxe.us/advisory-56.html",
                  "refsource": "MISC",
                  "url": "http://www.waraxe.us/advisory-56.html"
                },
                {
                  "name": "25827",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25827"
                },
                {
                  "name": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076",
                  "refsource": "MISC",
                  "url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
                },
                {
                  "name": "3181",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3181"
                },
                {
                  "name": "20070927 [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/480812/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5150",
        "datePublished": "2007-10-01T00:00:00.000Z",
        "dateReserved": "2007-09-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:24:41.852Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1494 (GCVE-0-2007-1494)

    Vulnerability from nvd – Published: 2007-03-16 22:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.nukescripts.net/modules.php?name=Downl… x_refsource_CONFIRM
    http://osvdb.org/35078 vdb-entryx_refsource_OSVDB
    Date Public
    2007-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.478Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055"
              },
              {
                "name": "35078",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35078"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"filters for https:// and http://\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-13T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055"
            },
            {
              "name": "35078",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35078"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1494",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"filters for https:// and http://\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055",
                  "refsource": "CONFIRM",
                  "url": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055"
                },
                {
                  "name": "35078",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35078"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1494",
        "datePublished": "2007-03-16T22:00:00.000Z",
        "dateReserved": "2007-03-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.478Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1493 (GCVE-0-2007-1493)

    Vulnerability from nvd – Published: 2007-03-16 22:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://attrition.org/pipermail/vim/2007-March/001… mailing-listx_refsource_VIM
    http://securityreason.com/securityalert/2430 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/462453/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-03-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.521Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070314 SQL injection (x2) in NukeSentinel",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
              },
              {
                "name": "2430",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2430"
              },
              {
                "name": "20070310 NukeSentinel \u003c= 2.5.06 SQL Injection (mysql \u003e= 4.0.24) Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/462453/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070314 SQL injection (x2) in NukeSentinel",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
            },
            {
              "name": "2430",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2430"
            },
            {
              "name": "20070310 NukeSentinel \u003c= 2.5.06 SQL Injection (mysql \u003e= 4.0.24) Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/462453/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1493",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070314 SQL injection (x2) in NukeSentinel",
                  "refsource": "VIM",
                  "url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
                },
                {
                  "name": "2430",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2430"
                },
                {
                  "name": "20070310 NukeSentinel \u003c= 2.5.06 SQL Injection (mysql \u003e= 4.0.24) Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/462453/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1493",
        "datePublished": "2007-03-16T22:00:00.000Z",
        "dateReserved": "2007-03-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.521Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1172 (GCVE-0-2007-1172)

    Vulnerability from nvd – Published: 2007-02-28 15:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24221 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/2341 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/460599/100… mailing-listx_refsource_BUGTRAQ
    https://www.exploit-db.com/exploits/3338 exploitx_refsource_EXPLOIT-DB
    http://attrition.org/pipermail/vim/2007-March/001… mailing-listx_refsource_VIM
    Date Public
    2007-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.613Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24221",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24221"
              },
              {
                "name": "2341",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2341"
              },
              {
                "name": "20070220 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/460599/100/0/threaded"
              },
              {
                "name": "3338",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3338"
              },
              {
                "name": "20070314 SQL injection (x2) in NukeSentinel",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the \"File Disclosure Exploit.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24221",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24221"
            },
            {
              "name": "2341",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2341"
            },
            {
              "name": "20070220 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/460599/100/0/threaded"
            },
            {
              "name": "3338",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3338"
            },
            {
              "name": "20070314 SQL injection (x2) in NukeSentinel",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1172",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the \"File Disclosure Exploit.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24221",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24221"
                },
                {
                  "name": "2341",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2341"
                },
                {
                  "name": "20070220 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/460599/100/0/threaded"
                },
                {
                  "name": "3338",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3338"
                },
                {
                  "name": "20070314 SQL injection (x2) in NukeSentinel",
                  "refsource": "VIM",
                  "url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1172",
        "datePublished": "2007-02-28T15:00:00.000Z",
        "dateReserved": "2007-02-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1171 (GCVE-0-2007-1171)

    Vulnerability from nvd – Published: 2007-02-28 15:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.waraxe.us/advisory-53.html x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/22629 vdb-entryx_refsource_BID
    http://www.nukescripts.net/index.php?op=NEArticle… x_refsource_CONFIRM
    http://www.attrition.org/pipermail/vim/2007-Septe… mailing-listx_refsource_VIM
    https://www.exploit-db.com/exploits/3337 exploitx_refsource_EXPLOIT-DB
    http://securityreason.com/securityalert/2344 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/480994/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/460628/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/480575/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/25805 vdb-entryx_refsource_BID
    http://secunia.com/advisories/26954 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.waraxe.us/advisory-53.html"
              },
              {
                "name": "nukesentinel-nsbypass-sql-injection(32582)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32582"
              },
              {
                "name": "22629",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22629"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
              },
              {
                "name": "20070928 CVE-2007-5125 - dupe",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2007-September/001806.html"
              },
              {
                "name": "3337",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3337"
              },
              {
                "name": "2344",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2344"
              },
              {
                "name": "20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/480994/100/0/threaded"
              },
              {
                "name": "20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/460628/100/0/threaded"
              },
              {
                "name": "20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/480575/100/0/threaded"
              },
              {
                "name": "25805",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25805"
              },
              {
                "name": "26954",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26954"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.waraxe.us/advisory-53.html"
            },
            {
              "name": "nukesentinel-nsbypass-sql-injection(32582)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32582"
            },
            {
              "name": "22629",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22629"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
            },
            {
              "name": "20070928 CVE-2007-5125 - dupe",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2007-September/001806.html"
            },
            {
              "name": "3337",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3337"
            },
            {
              "name": "2344",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2344"
            },
            {
              "name": "20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/480994/100/0/threaded"
            },
            {
              "name": "20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/460628/100/0/threaded"
            },
            {
              "name": "20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/480575/100/0/threaded"
            },
            {
              "name": "25805",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25805"
            },
            {
              "name": "26954",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26954"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1171",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.waraxe.us/advisory-53.html",
                  "refsource": "MISC",
                  "url": "http://www.waraxe.us/advisory-53.html"
                },
                {
                  "name": "nukesentinel-nsbypass-sql-injection(32582)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32582"
                },
                {
                  "name": "22629",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22629"
                },
                {
                  "name": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076",
                  "refsource": "CONFIRM",
                  "url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
                },
                {
                  "name": "20070928 CVE-2007-5125 - dupe",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2007-September/001806.html"
                },
                {
                  "name": "3337",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3337"
                },
                {
                  "name": "2344",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2344"
                },
                {
                  "name": "20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/480994/100/0/threaded"
                },
                {
                  "name": "20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/460628/100/0/threaded"
                },
                {
                  "name": "20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/480575/100/0/threaded"
                },
                {
                  "name": "25805",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25805"
                },
                {
                  "name": "26954",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26954"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1171",
        "datePublished": "2007-02-28T15:00:00.000Z",
        "dateReserved": "2007-02-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5151 (GCVE-0-2007-5151)

    Vulnerability from cvelistv5 – Published: 2007-10-01 00:00 – Updated: 2024-08-07 15:24
    VLAI
    Summary
    SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26990 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/3308 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/25830 vdb-entryx_refsource_BID
    http://www.waraxe.us/advisory-58.html x_refsource_MISC
    http://www.securityfocus.com/archive/1/480846/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:24:42.294Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26990",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26990"
              },
              {
                "name": "ADV-2007-3308",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3308"
              },
              {
                "name": "25830",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25830"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.waraxe.us/advisory-58.html"
              },
              {
                "name": "20070927 [waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/480846/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26990",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26990"
            },
            {
              "name": "ADV-2007-3308",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3308"
            },
            {
              "name": "25830",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25830"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.waraxe.us/advisory-58.html"
            },
            {
              "name": "20070927 [waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/480846/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5151",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26990",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26990"
                },
                {
                  "name": "ADV-2007-3308",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3308"
                },
                {
                  "name": "25830",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25830"
                },
                {
                  "name": "http://www.waraxe.us/advisory-58.html",
                  "refsource": "MISC",
                  "url": "http://www.waraxe.us/advisory-58.html"
                },
                {
                  "name": "20070927 [waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/480846/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5151",
        "datePublished": "2007-10-01T00:00:00.000Z",
        "dateReserved": "2007-09-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:24:42.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5150 (GCVE-0-2007-5150)

    Vulnerability from cvelistv5 – Published: 2007-10-01 00:00 – Updated: 2024-08-07 15:24
    VLAI
    Summary
    SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:24:41.852Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.waraxe.us/advisory-56.html"
              },
              {
                "name": "25827",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25827"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
              },
              {
                "name": "3181",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3181"
              },
              {
                "name": "20070927 [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/480812/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.waraxe.us/advisory-56.html"
            },
            {
              "name": "25827",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25827"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
            },
            {
              "name": "3181",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3181"
            },
            {
              "name": "20070927 [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/480812/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5150",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.waraxe.us/advisory-56.html",
                  "refsource": "MISC",
                  "url": "http://www.waraxe.us/advisory-56.html"
                },
                {
                  "name": "25827",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25827"
                },
                {
                  "name": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076",
                  "refsource": "MISC",
                  "url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
                },
                {
                  "name": "3181",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3181"
                },
                {
                  "name": "20070927 [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/480812/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5150",
        "datePublished": "2007-10-01T00:00:00.000Z",
        "dateReserved": "2007-09-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:24:41.852Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1494 (GCVE-0-2007-1494)

    Vulnerability from cvelistv5 – Published: 2007-03-16 22:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.nukescripts.net/modules.php?name=Downl… x_refsource_CONFIRM
    http://osvdb.org/35078 vdb-entryx_refsource_OSVDB
    Date Public
    2007-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.478Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055"
              },
              {
                "name": "35078",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35078"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"filters for https:// and http://\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-13T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055"
            },
            {
              "name": "35078",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35078"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1494",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"filters for https:// and http://\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055",
                  "refsource": "CONFIRM",
                  "url": "http://www.nukescripts.net/modules.php?name=Downloads\u0026op=getit\u0026lid=1055"
                },
                {
                  "name": "35078",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35078"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1494",
        "datePublished": "2007-03-16T22:00:00.000Z",
        "dateReserved": "2007-03-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.478Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1493 (GCVE-0-2007-1493)

    Vulnerability from cvelistv5 – Published: 2007-03-16 22:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://attrition.org/pipermail/vim/2007-March/001… mailing-listx_refsource_VIM
    http://securityreason.com/securityalert/2430 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/462453/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-03-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.521Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070314 SQL injection (x2) in NukeSentinel",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
              },
              {
                "name": "2430",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2430"
              },
              {
                "name": "20070310 NukeSentinel \u003c= 2.5.06 SQL Injection (mysql \u003e= 4.0.24) Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/462453/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070314 SQL injection (x2) in NukeSentinel",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
            },
            {
              "name": "2430",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2430"
            },
            {
              "name": "20070310 NukeSentinel \u003c= 2.5.06 SQL Injection (mysql \u003e= 4.0.24) Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/462453/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1493",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070314 SQL injection (x2) in NukeSentinel",
                  "refsource": "VIM",
                  "url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
                },
                {
                  "name": "2430",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2430"
                },
                {
                  "name": "20070310 NukeSentinel \u003c= 2.5.06 SQL Injection (mysql \u003e= 4.0.24) Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/462453/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1493",
        "datePublished": "2007-03-16T22:00:00.000Z",
        "dateReserved": "2007-03-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.521Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1172 (GCVE-0-2007-1172)

    Vulnerability from cvelistv5 – Published: 2007-02-28 15:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24221 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/2341 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/460599/100… mailing-listx_refsource_BUGTRAQ
    https://www.exploit-db.com/exploits/3338 exploitx_refsource_EXPLOIT-DB
    http://attrition.org/pipermail/vim/2007-March/001… mailing-listx_refsource_VIM
    Date Public
    2007-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.613Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24221",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24221"
              },
              {
                "name": "2341",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2341"
              },
              {
                "name": "20070220 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/460599/100/0/threaded"
              },
              {
                "name": "3338",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3338"
              },
              {
                "name": "20070314 SQL injection (x2) in NukeSentinel",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the \"File Disclosure Exploit.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24221",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24221"
            },
            {
              "name": "2341",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2341"
            },
            {
              "name": "20070220 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/460599/100/0/threaded"
            },
            {
              "name": "3338",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3338"
            },
            {
              "name": "20070314 SQL injection (x2) in NukeSentinel",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1172",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the \"File Disclosure Exploit.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24221",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24221"
                },
                {
                  "name": "2341",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2341"
                },
                {
                  "name": "20070220 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/460599/100/0/threaded"
                },
                {
                  "name": "3338",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3338"
                },
                {
                  "name": "20070314 SQL injection (x2) in NukeSentinel",
                  "refsource": "VIM",
                  "url": "http://attrition.org/pipermail/vim/2007-March/001429.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1172",
        "datePublished": "2007-02-28T15:00:00.000Z",
        "dateReserved": "2007-02-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1171 (GCVE-0-2007-1171)

    Vulnerability from cvelistv5 – Published: 2007-02-28 15:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.waraxe.us/advisory-53.html x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/22629 vdb-entryx_refsource_BID
    http://www.nukescripts.net/index.php?op=NEArticle… x_refsource_CONFIRM
    http://www.attrition.org/pipermail/vim/2007-Septe… mailing-listx_refsource_VIM
    https://www.exploit-db.com/exploits/3337 exploitx_refsource_EXPLOIT-DB
    http://securityreason.com/securityalert/2344 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/480994/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/460628/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/480575/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/25805 vdb-entryx_refsource_BID
    http://secunia.com/advisories/26954 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.waraxe.us/advisory-53.html"
              },
              {
                "name": "nukesentinel-nsbypass-sql-injection(32582)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32582"
              },
              {
                "name": "22629",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22629"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
              },
              {
                "name": "20070928 CVE-2007-5125 - dupe",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2007-September/001806.html"
              },
              {
                "name": "3337",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3337"
              },
              {
                "name": "2344",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2344"
              },
              {
                "name": "20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/480994/100/0/threaded"
              },
              {
                "name": "20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/460628/100/0/threaded"
              },
              {
                "name": "20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/480575/100/0/threaded"
              },
              {
                "name": "25805",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25805"
              },
              {
                "name": "26954",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26954"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.waraxe.us/advisory-53.html"
            },
            {
              "name": "nukesentinel-nsbypass-sql-injection(32582)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32582"
            },
            {
              "name": "22629",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22629"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
            },
            {
              "name": "20070928 CVE-2007-5125 - dupe",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2007-September/001806.html"
            },
            {
              "name": "3337",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3337"
            },
            {
              "name": "2344",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2344"
            },
            {
              "name": "20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/480994/100/0/threaded"
            },
            {
              "name": "20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/460628/100/0/threaded"
            },
            {
              "name": "20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/480575/100/0/threaded"
            },
            {
              "name": "25805",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25805"
            },
            {
              "name": "26954",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26954"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1171",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.waraxe.us/advisory-53.html",
                  "refsource": "MISC",
                  "url": "http://www.waraxe.us/advisory-53.html"
                },
                {
                  "name": "nukesentinel-nsbypass-sql-injection(32582)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32582"
                },
                {
                  "name": "22629",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22629"
                },
                {
                  "name": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076",
                  "refsource": "CONFIRM",
                  "url": "http://www.nukescripts.net/index.php?op=NEArticle\u0026sid=4076"
                },
                {
                  "name": "20070928 CVE-2007-5125 - dupe",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2007-September/001806.html"
                },
                {
                  "name": "3337",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3337"
                },
                {
                  "name": "2344",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2344"
                },
                {
                  "name": "20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/480994/100/0/threaded"
                },
                {
                  "name": "20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/460628/100/0/threaded"
                },
                {
                  "name": "20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/480575/100/0/threaded"
                },
                {
                  "name": "25805",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25805"
                },
                {
                  "name": "26954",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26954"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1171",
        "datePublished": "2007-02-28T15:00:00.000Z",
        "dateReserved": "2007-02-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }