Daverave
Products
2- 2 CVEs
- 2 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-1199 | 0.03 | — | 0.02 | Mar 14, 2006 | Cross-site scripting (XSS) vulnerability in iframe.php in daverave Link Bank allows remote attackers to inject arbitrary web script or HTML via the site parameter. | |||
| CVE-2006-1073 | 0.03 | — | 0.03 | Mar 8, 2006 | Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters. | |||
| CVE-2006-1200 | 0.00 | — | 0.02 | Mar 14, 2006 | Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement. | |||
| CVE-2006-1072 | 0.00 | — | 0.01 | Mar 8, 2006 | Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog post. |
- CVE-2006-1199Mar 14, 2006risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in iframe.php in daverave Link Bank allows remote attackers to inject arbitrary web script or HTML via the site parameter.
- CVE-2006-1073Mar 8, 2006risk 0.03cvss —epss 0.03
Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters.
- CVE-2006-1200Mar 14, 2006risk 0.00cvss —epss 0.02
Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement.
- CVE-2006-1072Mar 8, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog post.