) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:osclass:osclass:2.0:rc4:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2014-8085 |
Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory. Published: January 05, 2015; 3:59:08 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2014-8084 |
Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action. Published: January 05, 2015; 3:59:07 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2014-8083 |
SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action. Published: January 05, 2015; 3:59:03 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2014-6308 |
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php. Published: October 20, 2014; 10:55:06 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2014-6280 |
Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/index.php. Published: October 20, 2014; 10:55:06 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2012-5163 |
Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category action to index.php. Published: September 25, 2012; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2012-5162 |
Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or (2) enable_category action to index.php. Published: September 25, 2012; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
| CVE-2012-0973 |
Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information. Published: September 25, 2012; 7:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |