Falcon
Products (2)
- 5 CVEs
- 3 CVEs
Recent CVEs (8)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-6489 | | | 0.04 | — | 0.07 | | Dec 20, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors. |
| CVE-2007-6488 | | | 0.03 | — | 0.03 | | Dec 20, 2007 | Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php. |
| CVE-2007-6490 | | | 0.03 | — | 0.01 | | Dec 20, 2007 | Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php. |
| CVE-2002-2318 | | | 0.03 | — | 0.01 | | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages. |
| CVE-2002-0899 | | | 0.00 | — | 0.02 | | Oct 4, 2002 | Falcon web server 2.0.0.1021 and earlier allows remote attackers to bypass access restrictions for protected files via a URL whose directory portion ends in a . (dot). |
| CVE-2002-0275 | | | 0.00 | — | 0.02 | | May 31, 2002 | Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL. |
| CVE-1999-0882 | | | 0.00 | — | 0.02 | | Oct 28, 1999 | Falcon web server allows remote attackers to determine the absolute path of the web root via long file names. |
| CVE-1999-0881 | | | 0.00 | — | 0.01 | | Oct 26, 1999 | Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. |