CVE

Id
29695  
CVE No.
CVE-2007-6338  
Status
Candidate  
Description
SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (username field). NOTE: some of these details are obtained from third party information.  
Phase
Assigned (20071213)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
313158 29695 CVE-2007-6338 BUGTRAQ:20071213 + Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-2007-6338  View
313159 29695 CVE-2007-6338 URL:http://www.securityfocus.com/archive/1/archive/1/485072/100/0/threaded  View
313160 29695 CVE-2007-6338 MISC:http://packetstorm.linuxsecurity.com/0712-exploits/trivantis-sql.txt  View
313161 29695 CVE-2007-6338 BID:26865  View
313162 29695 CVE-2007-6338 URL:http://www.securityfocus.com/bid/26865  View
313163 29695 CVE-2007-6338 OSVDB:39156  View
313164 29695 CVE-2007-6338 URL:http://www.osvdb.org/39156  View
313165 29695 CVE-2007-6338 SECUNIA:28098  View
313166 29695 CVE-2007-6338 URL:http://secunia.com/advisories/28098  View
313167 29695 CVE-2007-6338 SREASON:3450  View
313168 29695 CVE-2007-6338 URL:http://securityreason.com/securityalert/3450  View
313169 29695 CVE-2007-6338 XF:coursemill-userlogin-sql-injection(39031)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
48557 JVNDB-2008-003867 Geert Moernaut LSrunasE などにおける平文のパスワードを取得される脆弱性 Geert Moernaut LSrunasE および Supercrypt は、一意の初期化ベクトル (IV) を構築せずに、RC4 ストリーム暗号を使用するため、平文のパスワードを取得される脆弱性が存在します。 CVE-2007-6340 29695 2.1 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-003867.html  View