Dcp Portal
Products
1- 14 CVEs
Recent CVEs
14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-4838 | 0.03 | — | 0.04 | Sep 15, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5)… | |||
| CVE-2006-4836 | 0.03 | — | 0.02 | Sep 15, 2006 | SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already… | |||
| CVE-2006-1120 | 0.03 | — | 0.03 | Mar 9, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of… | |||
| CVE-2004-2512 | 0.03 | — | 0.05 | Dec 31, 2004 | CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter. | |||
| CVE-2004-2511 | 0.03 | — | 0.05 | Dec 31, 2004 | Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid… | |||
| CVE-2003-1536 | 0.03 | — | 0.02 | Dec 31, 2003 | Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php and (2) the year parameter to calendar.php. | |||
| CVE-2007-2278 | 0.00 | — | 0.02 | Apr 25, 2007 | Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the path parameter to library/adodb/adodb.inc.php, (2) the abs_path_editor parameter to library/editor/editor.php, or (3) the… | |||
| CVE-2006-4837 | 0.00 | — | 0.03 | Sep 15, 2006 | Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path… | |||
| CVE-2006-0220 | 0.00 | — | 0.01 | Jan 16, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown;… | |||
| CVE-2005-4227 | 0.00 | — | 0.03 | Dec 14, 2005 | Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid,… | |||
| CVE-2005-3365 | 0.00 | — | 0.03 | Oct 30, 2005 | Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in… | |||
| CVE-2005-0454 | 0.00 | — | 0.02 | May 2, 2005 | Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php. | |||
| CVE-2002-0281 | 0.00 | — | 0.01 | May 31, 2002 | Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php. | |||
| CVE-2002-0282 | 0.00 | — | 0.02 | May 31, 2002 | DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message. |
- CVE-2006-4838Sep 15, 2006risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5)…
- CVE-2006-4836Sep 15, 2006risk 0.03cvss —epss 0.02
SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already…
- CVE-2006-1120Mar 9, 2006risk 0.03cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of…
- CVE-2004-2512Dec 31, 2004risk 0.03cvss —epss 0.05
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.
- CVE-2004-2511Dec 31, 2004risk 0.03cvss —epss 0.05
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid…
- CVE-2003-1536Dec 31, 2003risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php and (2) the year parameter to calendar.php.
- CVE-2007-2278Apr 25, 2007risk 0.00cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the path parameter to library/adodb/adodb.inc.php, (2) the abs_path_editor parameter to library/editor/editor.php, or (3) the…
- CVE-2006-4837Sep 15, 2006risk 0.00cvss —epss 0.03
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path…
- CVE-2006-0220Jan 16, 2006risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown;…
- CVE-2005-4227Dec 14, 2005risk 0.00cvss —epss 0.03
Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid,…
- CVE-2005-3365Oct 30, 2005risk 0.00cvss —epss 0.03
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in…
- CVE-2005-0454May 2, 2005risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php.
- CVE-2002-0281May 31, 2002risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php.
- CVE-2002-0282May 31, 2002risk 0.00cvss —epss 0.02
DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message.