VYPR
Vendor

Lifetype

Products
1
CVEs
10
Across products
10
Status
Private

Products

1

Recent CVEs

10
  • CVE-2008-2629Jun 10, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.

  • CVE-2008-2196May 14, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the newBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178.

  • CVE-2006-3577Jul 13, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op.

  • CVE-2006-2857Jun 6, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a ViewArticle action (viewarticleaction.class.php).

  • CVE-2006-1808Apr 18, 2006
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation.

  • CVE-2011-3751Sep 23, 2011
    risk 0.00cvss epss 0.01

    LifeType 1.2.10 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/badbehavior/pluginbadbehavior.class.php.

  • CVE-2008-2178May 13, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the searchTerms parameter in an editArticleCategories operation (aka an admin category search).

  • CVE-2007-0979Feb 16, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL."

  • CVE-2006-6112Dec 6, 2006
    risk 0.00cvss epss 0.02

    LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and…

  • CVE-2006-1809Apr 18, 2006
    risk 0.00cvss epss 0.01

    index.php in Lifetype 1.0.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which reveals the path in an error message.