Page 16 of 106 results (0.008 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2

CVE-2007-1845 – PHP-Fusion 6.1.5 Mod Calendar_Panel - 'Show_Event.php' SQL Injection

https://notcve.org/view.php?id=CVE-2007-1845

SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the m_month parameter. Vulnerabilidad de inyección SQL en el show_event.php del módulo del Calendario Extendido (calendar_panel) 2.00 para el PHP-Fusion permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro m_month. • https://www.exploit-db.com/exploits/29806 http://osvdb.org/36310 http://secunia.com/advisories/24718 http://securityreason.com/securityalert/2514 http://www.securityfocus.com/archive/1/464348/100/0/threaded http://www.securityfocus.com/bid/23225 http://www.vupen.com/english/advisories/2007/1191 https://exchange.xforce.ibmcloud.com/vulnerabilities/33336 •

CVSS: 2.6EPSS: 1%CPEs: 12EXPL: 3

CVE-2006-4673 – PHP-Fusion 6.0.x - 'news.php' SQL Injection

https://notcve.org/view.php?id=CVE-2006-4673

Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php. Vulnerabilidad de sobre escritura de variable global en maincore.php en PHP-Fusion 6.01.4 y anteriores utiliza la función extract sobre super globales, lo que permite a un atacante remoto conducir a ataques de inyección SQL a través del parámetro _SERVER[REMOTE_ADDR] a news.php. • https://www.exploit-db.com/exploits/28496 http://marc.info/?l=bugtraq&m=115765187519458&w=2 http://retrogod.altervista.org/phpfusion_6-01-4_xpl.html http://secunia.com/advisories/21830 http://www.php-fusion.co.uk/news.php?readmore=353 http://www.securityfocus.com/bid/19908 http://www.vupen.com/english/advisories/2006/3523 https://exchange.xforce.ibmcloud.com/vulnerabilities/28818 •

CVSS: 5.8EPSS: 0%CPEs: 26EXPL: 0

CVE-2006-3555

https://notcve.org/view.php?id=CVE-2006-3555

Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en submit.php de PHP-Fusion before 6.01.3 permiten a atacantes remotos inyectar web script o HTML de su elección usando edit_profile.php para enviar imágenes adjuntas de (1) avatar o (2) forum que tienen extension .gif o .jpg, y comenzando con una cabecera GIF seguida de código JavaScript, el cual es ejecutado por Internet Explorer. • http://php-fusion.co.uk/news.php http://secunia.com/advisories/20904 http://securityreason.com/securityalert/1224 http://www.securityfocus.com/archive/1/438938/100/0/threaded http://www.securityfocus.com/bid/18787 http://www.vupen.com/english/advisories/2006/2655 https://exchange.xforce.ibmcloud.com/vulnerabilities/27537 •

CVSS: 6.4EPSS: 4%CPEs: 2EXPL: 2

CVE-2006-2459 – PHP-Fusion 6.00.306 - 'srch_where' SQL Injection

https://notcve.org/view.php?id=CVE-2006-2459

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter. • https://www.exploit-db.com/exploits/1796 http://retrogod.altervista.org/phpfusion_600306_sql.html http://secunia.com/advisories/20129 http://securityreason.com/securityalert/922 http://securitytracker.com/id?1016111 http://www.osvdb.org/25542 http://www.securityfocus.com/archive/1/434162/100/0/threaded http://www.securityfocus.com/bid/18009 http://www.vupen.com/english/advisories/2006/1839 https://exchange.xforce.ibmcloud.com/vulnerabilities/26491 •

CVSS: 6.4EPSS: 0%CPEs: 11EXPL: 2

CVE-2006-2331 – PHP-Fusion 6.00.306 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2006-2331

Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files. • https://www.exploit-db.com/exploits/1760 http://secunia.com/advisories/19992 http://securityreason.com/securityalert/194 http://securityreason.com/securityalert/873 http://www.osvdb.org/25538 http://www.osvdb.org/25539 http://www.php-fusion.co.uk/news.php http://www.php-fusion.co.uk/news.php?readmore=321 http://www.securityfocus.com/archive/1/433277/100/0/threaded http://www.securityfocus.com/bid/17898 http://www.vupen.com/english/advisories/2006/1735 https: •