Falcon
Products
2- 3 CVEs
- 1 CVE
Recent CVEs
4| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-6489 | 0.04 | — | 0.08 | Dec 20, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors. | ||
| CVE-2007-6490 | 0.03 | — | 0.01 | Dec 20, 2007 | Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php. | ||
| CVE-2007-6488 | 0.03 | — | 0.06 | Dec 20, 2007 | Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php. | ||
| CVE-1999-0882 | 0.00 | — | 0.01 | Oct 28, 1999 | Falcon web server allows remote attackers to determine the absolute path of the web root via long file names. |
- CVE-2007-6489Dec 20, 2007risk 0.04cvss —epss 0.08
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.
- CVE-2007-6490Dec 20, 2007risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.
- CVE-2007-6488Dec 20, 2007risk 0.03cvss —epss 0.06
Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.
- CVE-1999-0882Oct 28, 1999risk 0.00cvss —epss 0.01
Falcon web server allows remote attackers to determine the absolute path of the web root via long file names.