alex vulnerabilities and exploits

5
CVSSv2
CVE-2018-13162

The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value....

7.5
CVSSv2
CVE-2006-2879

SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter....

7.5
CVSSv2
CVE-2006-5459

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_script.js.php, and the (3)...

7.5
CVSSv2
CVE-2006-5291

PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party...

AlexDownloadengine
4.3
CVSSv2
CVE-2019-7417

XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter....

6.8
CVSSv2
CVE-2007-5157

PHP remote file inclusion vulnerability in phfito-post.php in Alex Kocharin PHP Fidonet Tosser (PhFiTo) 1.3.0 in phpFidoNode allows remote attackers to execute arbitrary PHP code via a URL in the SRC_PATH parameter to phfito-post....

Php Fidonet TosserPhpfidonode
5
CVSSv2
CVE-2000-1092

loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter....

Alex Heiphetz GroupEzshopper
5
CVSSv2
CVE-2001-0480

Directory traversal vulnerability in Alex's FTP Server 0.7 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the (1) GET or (2) CD commands....

9.3
CVSSv2
CVE-2009-2798

Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file....

9.3
CVSSv2
CVE-2009-2799

Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file....