VYPR
Vendor

Falcon

Products
2
CVEs
8
Across products
8
Status
Private

Products

2

Recent CVEs

8
  • CVE-2007-6489Dec 20, 2007
    risk 0.04cvss epss 0.07

    Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.

  • CVE-2007-6488Dec 20, 2007
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.

  • CVE-2007-6490Dec 20, 2007
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.

  • CVE-2002-2318Dec 31, 2002
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages.

  • CVE-2002-0899Oct 4, 2002
    risk 0.00cvss epss 0.02

    Falcon web server 2.0.0.1021 and earlier allows remote attackers to bypass access restrictions for protected files via a URL whose directory portion ends in a . (dot).

  • CVE-2002-0275May 31, 2002
    risk 0.00cvss epss 0.02

    Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.

  • CVE-1999-0882Oct 28, 1999
    risk 0.00cvss epss 0.02

    Falcon web server allows remote attackers to determine the absolute path of the web root via long file names.

  • CVE-1999-0881Oct 26, 1999
    risk 0.00cvss epss 0.01

    Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.