Vendor
Boesch It
Products
4
CVEs
12
Across products
12
Status
Private
Products
4- 6 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
12| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2010-2858 | 0.03 | — | 0.04 | Jul 25, 2010 | Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters. | ||
| CVE-2010-1360 | 0.03 | — | 0.01 | Apr 13, 2010 | Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php. | ||
| CVE-2007-4874 | 0.03 | — | 0.05 | Sep 26, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php. | ||
| CVE-2007-2750 | 0.03 | — | 0.01 | May 17, 2007 | SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter. | ||
| CVE-2007-2749 | 0.03 | — | 0.01 | May 17, 2007 | SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action. | ||
| CVE-2006-5530 | 0.03 | — | 0.00 | Oct 26, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||
| CVE-2006-4944 | 0.03 | — | 0.02 | Sep 23, 2006 | PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter. | ||
| CVE-2010-2859 | 0.00 | — | 0.00 | Jul 25, 2010 | news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message. | ||
| CVE-2007-5130 | 0.00 | — | 0.00 | Sep 27, 2007 | SimpGB 1.46.02 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php or (2) a direct request to admin/trailer.php, which reveals the path in various error messages. | ||
| CVE-2007-5129 | 0.00 | — | 0.01 | Sep 27, 2007 | SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc. | ||
| CVE-2007-5128 | 0.00 | — | 0.00 | Sep 27, 2007 | SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. | ||
| CVE-2006-5560 | 0.00 | — | 0.01 | Oct 27, 2006 | Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors related to certain other files. NOTE: some of these details are obtained from third party information. |