Refbase
Monthly
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.