VYPR
Vendor

AnnonceV

Products
10
CVEs
19
Across products
19
Status
Private

Products

10

Recent CVEs

19
  • CVE-2010-1114Mar 25, 2010
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php.

  • CVE-2010-1113Mar 25, 2010
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php.

  • CVE-2008-6655Apr 7, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php; the (3) nom_branche parameter to php/index.php; and the (4) nom_branche, (5)…

  • CVE-2008-6545Mar 30, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2008-6543Mar 30, 2009
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, and (5) classifieds/view.php3; (6) index.php3, (7) manager.php3,…

  • CVE-2007-4937Sep 18, 2007
    risk 0.03cvss epss 0.03

    CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php.

  • CVE-2007-0361Jan 19, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.

  • CVE-2006-4754Sep 13, 2006
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid…

  • CVE-2006-4753Sep 13, 2006
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

  • CVE-2006-4746Sep 13, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.

  • CVE-2006-4678Sep 11, 2006
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php.

  • CVE-2006-4622Sep 7, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in annonce.php in AnnonceV (aka annoncesV) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

  • CVE-2010-1115Mar 25, 2010
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.

  • CVE-2007-1144Mar 2, 2007
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.

  • CVE-2006-3169Jun 23, 2006
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6)…

  • CVE-2006-3170Jun 23, 2006
    risk 0.00cvss epss 0.02

    CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message.

  • CVE-2006-3168Jun 23, 2006
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php.

  • CVE-2006-3171Jun 23, 2006
    risk 0.00cvss epss 0.01

    CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php.

  • CVE-2002-2217Dec 31, 2002
    risk 0.00cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) l parameter to customize.php or the (2) pg parameter to index.php.