Owl Intranet Engine

CVEs (6)

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2006-1149	0.04	—	0.16	Mar 10, 2006	PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.
CVE-2006-4211	0.00	—	0.01	Aug 17, 2006	Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4212	0.00	—	0.01	Aug 17, 2006	SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2005-0265	0.00	—	0.01	May 2, 2005	Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter.
CVE-2005-0264	0.00	—	0.00	May 2, 2005	Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter.
CVE-2003-0341	0.00	—	0.01	May 21, 2003	Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field.

CVE-2006-1149Mar 10, 2006
risk 0.04cvss —epss 0.16
PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.
CVE-2006-4211Aug 17, 2006
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4212Aug 17, 2006
risk 0.00cvss —epss 0.01
SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2005-0265May 2, 2005
risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter.
CVE-2005-0264May 2, 2005
risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter.
CVE-2003-0341May 21, 2003
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field.