Esyndicat
Products
4- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
6| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2011-5177 | 0.03 | — | 0.01 | Sep 20, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter to the search page. | ||
| CVE-2008-3299 | 0.03 | — | 0.01 | Jul 25, 2008 | eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||
| CVE-2007-6543 | 0.03 | — | 0.00 | Dec 28, 2007 | SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2007-3811 | 0.03 | — | 0.01 | Jul 17, 2007 | Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php. | ||
| CVE-2007-2785 | 0.00 | — | 0.01 | May 21, 2007 | manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action. | ||
| CVE-2006-2578 | 0.00 | — | 0.01 | May 24, 2006 | admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter. |
- CVE-2011-5177Sep 20, 2012risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter to the search page.
- CVE-2008-3299Jul 25, 2008risk 0.03cvss —epss 0.01
eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2007-6543Dec 28, 2007risk 0.03cvss —epss 0.00
SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-3811Jul 17, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php.
- CVE-2007-2785May 21, 2007risk 0.00cvss —epss 0.01
manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action.
- CVE-2006-2578May 24, 2006risk 0.00cvss —epss 0.01
admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter.