VYPR
Vendor

Omnistar

Products
4
CVEs
6
Across products
6
Status
Private

Products

4

Recent CVEs

6
  • CVE-2007-5724Oct 30, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live allow remote attackers to inject arbitrary web script or HTML via (1) the category_id parameter to users/kb.php, and possibly (3) the Email Box field in profile.php.

  • CVE-2007-4952Sep 18, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917.

  • CVE-2007-4341Aug 14, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in adm/my_statistics.php in Omnistar Lib2 PHP 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.

  • CVE-2006-5917Nov 15, 2006
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in OmniStar Article Manager allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in (a) articles/comments.php and (b) articles/article.php, and the (2) page_id parameter in (c) articles/pages.php.

  • CVE-2005-3880Nov 29, 2005
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in users/comments.php, (2) category_id and (3) id parameters in users/kb.php.

  • CVE-2005-3840Nov 26, 2005
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category_id parameter. NOTE: due to a typo, an Internet Explorer issue was incorrectly assigned this identifier, but the…