CVE-2005-1287
published 2005-04-23CVE-2005-1287: Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2)…
PriorityP337high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.16%
79.9th percentile
Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bk_dev | bk_forum | <= 4 | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-45fg-96w2-7j5v: Multiple SQL injection vulnerabilities in BK Forum 4
ghsa_unreviewed·2022-05-01
CVE-2005-1287 [HIGH] GHSA-45fg-96w2-7j5v: Multiple SQL injection vulnerabilities in BK Forum 4
Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp.
Red Hat
security flaw
vendor_redhat·2005-03-31·CVSS 10.0
CVE-2005-1194 [CRITICAL] security flaw
security flaw
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat
security flaw
vendor_redhat·2004-12-15·CVSS 10.0
CVE-2004-1287 [CRITICAL] security flaw
security flaw
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat
CVE-2007-1287: A regression error in the phpinfo function in PHP 4
vendor_redhat·CVSS 4.3
CVE-2007-1287 [MEDIUM] CVE-2007-1287: A regression error in the phpinfo function in PHP 4
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
Statement: The phpinfo function should not be used in publically-accessible PHP scripts.
No detection rules found.
Bugzilla
CVE-2005-1194 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2005-1194 [CRITICAL] CVE-2005-1194 security flaw
CVE-2005-1194 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Bugzilla
CVE-2004-1287 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2004-1287 [CRITICAL] CVE-2004-1287 security flaw
CVE-2004-1287 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
http://marc.info/?l=bugtraq&m=111428133317901&w=2http://secunia.com/advisories/15072http://securitytracker.com/id?1013793http://www.digitalparadox.org/advisories/bkdev.txthttp://www.osvdb.org/15784http://www.osvdb.org/15785http://www.osvdb.org/15786http://www.securityfocus.com/archive/1/431659/100/0/threadedhttp://www.securityfocus.com/archive/1/431863/100/0/threadedhttp://marc.info/?l=bugtraq&m=111428133317901&w=2http://secunia.com/advisories/15072http://securitytracker.com/id?1013793http://www.digitalparadox.org/advisories/bkdev.txthttp://www.osvdb.org/15784http://www.osvdb.org/15785http://www.osvdb.org/15786http://www.securityfocus.com/archive/1/431659/100/0/threadedhttp://www.securityfocus.com/archive/1/431863/100/0/threaded
2005-04-23
Published