VYPR
Vendor

Tufat

Products
6
CVEs
14
Across products
14
Status
Private

Products

6

Recent CVEs

14
  • CVE-2013-10038CriJul 31, 2025
    risk 0.70cvss epss 0.01

    An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, allowing attackers to upload malicious PHP scripts. Once uploaded, these scripts…

  • CVE-2007-3697Jul 11, 2007
    risk 0.04cvss epss 0.13

    PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.

  • CVE-2009-4978Aug 25, 2010
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

  • CVE-2009-4977Aug 25, 2010
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter.

  • CVE-2010-1872May 12, 2010
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2010-1055Mar 23, 2010
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php…

  • CVE-2008-6799May 7, 2009
    risk 0.03cvss epss 0.03

    connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7."

  • CVE-2008-4738Oct 24, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2006-7032Feb 23, 2007
    risk 0.03cvss epss 0.06

    PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.

  • CVE-2006-4583Sep 6, 2006
    risk 0.03cvss epss 0.04

    Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS.php, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedating4CMS.php.

  • CVE-2007-0834Feb 7, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807. NOTE: the provenance of this information is unknown;…

  • CVE-2007-0807Feb 7, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature.

  • CVE-2006-3767Jul 21, 2006
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in showprofile.php in Darren's $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag with a non-existent source file in txtcomment parameter,…

  • CVE-2006-3766Jul 21, 2006
    risk 0.00cvss epss 0.01

    Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to boost their own ratings via a txtrating parameter with a score greater than the intended maximum of 10.