VYPR
Vendor

Boesch It

Products
4
CVEs
14
Across products
14
Status
Private

Products

4

Recent CVEs

14
  • CVE-2010-2858Jul 25, 2010
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters.

  • CVE-2010-1360Apr 13, 2010
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7)…

  • CVE-2007-4874Sep 26, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php.

  • CVE-2007-2749May 17, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action.

  • CVE-2007-2750May 17, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter.

  • CVE-2006-5530Oct 26, 2006
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. NOTE: the provenance of this…

  • CVE-2006-4944Sep 23, 2006
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.

  • CVE-2010-2859Jul 25, 2010
    risk 0.00cvss epss 0.01

    news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message.

  • CVE-2007-4873Sep 27, 2007
    risk 0.00cvss epss 0.01

    SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.

  • CVE-2007-5128Sep 27, 2007
    risk 0.00cvss epss 0.01

    SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.

  • CVE-2007-5129Sep 27, 2007
    risk 0.00cvss epss 0.02

    SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct…

  • CVE-2007-4872Sep 27, 2007
    risk 0.00cvss epss 0.02

    SimpNews 2.41.03 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php; or a direct request to (2) admin/dbg_infos.php, (3) admin/heading.php, or (4) evsearch.php; which reveals the path in various error messages.

  • CVE-2007-5130Sep 27, 2007
    risk 0.00cvss epss 0.01

    SimpGB 1.46.02 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php or (2) a direct request to admin/trailer.php, which reveals the path in various error messages.

  • CVE-2006-5560Oct 27, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors related to certain other files. NOTE: some of these details…