VYPR
Vendor

Mkportal

Products
2
CVEs
13
Across products
14
Status
Private

Products

2

Recent CVEs

13
  • CVE-2007-3813Jul 17, 2007
    risk 0.08cvss epss 0.59

    PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter.

  • CVE-2007-6467Dec 20, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.

  • CVE-2007-3814Jul 17, 2007
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b)…

  • CVE-2006-6741Dec 26, 2006
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag.

  • CVE-2006-2067Apr 27, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter.

  • CVE-2006-2066Apr 27, 2006
    risk 0.03cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters.

  • CVE-2007-3637Jul 10, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with…

  • CVE-2007-0192Jan 12, 2007
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka…

  • CVE-2007-0191Jan 12, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.

  • CVE-2007-0194Jan 12, 2007
    risk 0.00cvss epss 0.01

    admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message.

  • CVE-2006-5139Oct 3, 2006
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in MkPortal allows remote attackers to corrupt web site content, and possibly have other impact, via a certain long Message that affects "Tables," related to the Urlobox.

  • CVE-2006-4665Sep 9, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable. NOTE: Some details are obtained from third party information.

  • CVE-2006-3554Jul 13, 2006
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the…