VYPR

SerWeb

by SerWeb

CVEs (4)

  • CVE-2007-3358Jun 22, 2007
    risk 0.08cvss epss 0.68

    PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter.

  • CVE-2007-6290Dec 10, 2007
    risk 0.04cvss epss 0.07

    Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters.

  • CVE-2007-6289Dec 10, 2007
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3)…

  • CVE-2007-3359Jun 22, 2007
    risk 0.00cvss epss 0.01

    Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php. NOTE: the provenance of this information is…