Dian Gemilang
Products
2- 6 CVEs
- 2 CVEs
Recent CVEs
8| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-0694 | 0.04 | — | 0.10 | May 30, 2007 | Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter. | ||
| CVE-2009-1746 | 0.03 | — | 0.00 | May 21, 2009 | SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | ||
| CVE-2007-0693 | 0.03 | — | 0.02 | May 30, 2007 | SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS). | ||
| CVE-2007-2994 | 0.00 | — | 0.00 | Jun 4, 2007 | SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693. | ||
| CVE-2007-0692 | 0.00 | — | 0.00 | May 30, 2007 | DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages. | ||
| CVE-2006-2695 | 0.00 | — | 0.02 | May 31, 2006 | admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory. | ||
| CVE-2006-2572 | 0.00 | — | 0.01 | May 24, 2006 | Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters. | ||
| CVE-2006-2573 | 0.00 | — | 0.01 | May 24, 2006 | SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
- CVE-2007-0694May 30, 2007risk 0.04cvss —epss 0.10
Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter.
- CVE-2009-1746May 21, 2009risk 0.03cvss —epss 0.00
SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
- CVE-2007-0693May 30, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).
- CVE-2007-2994Jun 4, 2007risk 0.00cvss —epss 0.00
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693.
- CVE-2007-0692May 30, 2007risk 0.00cvss —epss 0.00
DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages.
- CVE-2006-2695May 31, 2006risk 0.00cvss —epss 0.02
admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory.
- CVE-2006-2572May 24, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.
- CVE-2006-2573May 24, 2006risk 0.00cvss —epss 0.01
SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.