VYPR
Vendor

Phpkobo

Products
8
CVEs
20
Across products
20
Status
Private

Products

8

Recent CVEs

20
  • CVE-2010-1062Mar 23, 2010
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of…

  • CVE-2010-1060Mar 23, 2010
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.

  • CVE-2010-1058Mar 23, 2010
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.

  • CVE-2010-1057Mar 23, 2010
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in…

  • CVE-2023-5313Sep 30, 2023
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation leads to improper enforcement of a single, unique action.…

  • CVE-2023-41447Sep 28, 2023
    risk 0.00cvss epss 0.01

    Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.

  • CVE-2023-41450Sep 28, 2023
    risk 0.00cvss epss 0.01

    An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.

  • CVE-2023-41446Sep 28, 2023
    risk 0.00cvss epss 0.01

    Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.

  • CVE-2023-41452Sep 27, 2023
    risk 0.00cvss epss 0.01

    Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.

  • CVE-2023-41445Sep 27, 2023
    risk 0.00cvss epss 0.01

    Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component.

  • CVE-2023-41453Sep 27, 2023
    risk 0.00cvss epss 0.01

    Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.

  • CVE-2023-41451Sep 27, 2023
    risk 0.00cvss epss 0.01

    Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.

  • CVE-2023-41448Sep 27, 2023
    risk 0.00cvss epss 0.01

    Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.

  • CVE-2023-41449Sep 27, 2023
    risk 0.00cvss epss 0.02

    An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.

  • CVE-2015-2983Aug 22, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2015-2982Aug 22, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php.

  • CVE-2014-3894Jul 20, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header.

  • CVE-2010-1063Mar 23, 2010
    risk 0.00cvss epss 0.01

    Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1)…

  • CVE-2010-1061Mar 23, 2010
    risk 0.00cvss epss 0.01

    Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) url/app/common.inc.php and (2)…

  • CVE-2010-1059Mar 23, 2010
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the…