
CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors related to certain other files. NOTE: some of these details are obtained from third party information.

• http://secunia.com/advisories/22532
• http://securityreason.com/securityalert/1782
• http://www.securityfocus.com/archive/1/449571/100/0/threaded
• http://www.securityfocus.com/bid/20720
• http://www.vigilon.com/advisories/vg-progsys-24-10-2006.txt
• http://www.vupen.com/english/advisories/2006/4194
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29770
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 2

PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.

• https://www.exploit-db.com/exploits/2411
• http://www.securityfocus.com/bid/20141
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29078
• CWE-94: Improper Control of Generation of Code ('Code Injection')