Agares Media
Products
4- 5 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-5066 | 0.03 | — | 0.04 | Nov 13, 2008 | PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter. | |||
| CVE-2008-0433 | 0.03 | — | 0.03 | Jan 23, 2008 | PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614. | |||
| CVE-2008-0432 | 0.03 | — | 0.02 | Jan 23, 2008 | Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||
| CVE-2008-0262 | 0.03 | — | 0.01 | Jan 15, 2008 | SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter. | |||
| CVE-2007-6614 | 0.03 | — | 0.06 | Jan 3, 2008 | PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter, a related issue to CVE-2007-6542. | |||
| CVE-2007-6615 | 0.03 | — | 0.05 | Jan 3, 2008 | Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the selected_provider parameter. | |||
| CVE-2007-6542 | 0.03 | — | 0.06 | Dec 27, 2007 | PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter. | |||
| CVE-2007-4552 | 0.03 | — | 0.01 | Aug 28, 2007 | SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary SQL commands via the blockpage parameter. NOTE: as of 20070827, the vendor has made conflicting statements regarding whether this issue exists or not. | |||
| CVE-2007-4551 | 0.03 | — | 0.03 | Aug 28, 2007 | PHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter. | |||
| CVE-2008-6040 | 0.00 | — | 0.01 | Feb 3, 2009 | SQL injection vulnerability in index.php in Arcadem Pro 2.700 through 2.802 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter, probably related to includes/articleblock.php. |
- CVE-2008-5066Nov 13, 2008risk 0.03cvss —epss 0.04
PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.
- CVE-2008-0433Jan 23, 2008risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614.
- CVE-2008-0432Jan 23, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
- CVE-2008-0262Jan 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.
- CVE-2007-6614Jan 3, 2008risk 0.03cvss —epss 0.06
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter, a related issue to CVE-2007-6542.
- CVE-2007-6615Jan 3, 2008risk 0.03cvss —epss 0.05
Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the selected_provider parameter.
- CVE-2007-6542Dec 27, 2007risk 0.03cvss —epss 0.06
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.
- CVE-2007-4552Aug 28, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary SQL commands via the blockpage parameter. NOTE: as of 20070827, the vendor has made conflicting statements regarding whether this issue exists or not.
- CVE-2007-4551Aug 28, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter.
- CVE-2008-6040Feb 3, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in index.php in Arcadem Pro 2.700 through 2.802 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter, probably related to includes/articleblock.php.