NotCVE - vendor:"Phpmyfaq" product:"Phpmyfaq" version:"1.0"

Page 21 of 104 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 117EXPL: 0

CVE-2009-4040

https://notcve.org/view.php?id=CVE-2009-4040

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzado (XSS) en phpMyFAQ antes de v2.0.17 y v2.5.x antes de v2.5.2, cuando se utiliza con Internet Explorer v6 o v7, permite a atacantes remotos inyectar HTML o scripts web a través de parámetros no especificados a la página de búsqueda. • http://secunia.com/advisories/37354 http://www.phpmyfaq.de/advisory_2009-09-01.php http://www.vupen.com/english/advisories/2009/3241 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 78EXPL: 0

CVE-2007-1032

https://notcve.org/view.php?id=CVE-2007-1032

Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server." Una vulnerabilidad no especificada en phpMyFAQ versión 1.6.9 y anteriores, cuando register_globals está habilitado, permite a atacantes remotos "gain the privilege for uploading files on the server." • http://osvdb.org/32603 http://secunia.com/advisories/24230 http://www.phpmyfaq.de/advisory_2007-02-18.php https://exchange.xforce.ibmcloud.com/vulnerabilities/32573 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2006-6912 – phpMyFAQ 1.6.7 - SQL Injection / Command Execution

https://notcve.org/view.php?id=CVE-2006-6912

SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter. Vulnerabilidad de inyección de SQL en el phpMyFAQ 1.6.7 y versiones anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores sin especificar. • https://www.exploit-db.com/exploits/3393 http://secunia.com/advisories/23651 http://www.phpmyfaq.de/advisory_2006-12-15.php http://www.securityfocus.com/bid/21944 http://www.vupen.com/english/advisories/2007/0077 https://exchange.xforce.ibmcloud.com/vulnerabilities/32802 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2006-6913

https://notcve.org/view.php?id=CVE-2006-6913

Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors. Vulnerabilidad no especificada en phpMyFAQ 1.6.7 y anteriores permite a atacantes remotos enviar secuencias de comandos PHP de su elección a través de vectores no especificados. • http://secunia.com/advisories/23651 http://www.phpmyfaq.de/advisory_2006-12-15.php http://www.securityfocus.com/bid/21945 http://www.vupen.com/english/advisories/2007/0077 •

1...19 20 21