
CVSS: 5.0 | EPSS: 2% | CPEs: 1 | EXPL: 1

Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request.

• http://osvdb.org/20569
• http://secunia.com/advisories/17476
• http://www.securityfocus.com/archive/1/416005/30/0/threaded
• http://www.securityfocus.com/bid/15350
• http://www.trapkit.de/advisories/TKADV2005-11-001.txt
• http://www.vupen.com/english/advisories/2005/2345

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 3

Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page.

• https://www.exploit-db.com/exploits/26481
• https://www.exploit-db.com/exploits/26482
• http://osvdb.org/20567
• http://osvdb.org/20568
• http://secunia.com/advisories/17476
• http://www.securityfocus.com/archive/1/416005/30/0/threaded
• http://www.securityfocus.com/bid/15350
• http://www.trapkit.de/advisories/TKADV2005-11-001.txt
• http://www.vupen.com/english/advisories/2005/2345

CVSS: 7.5 | EPSS: 4% | CPEs: 1 | EXPL: 1

SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin.

• https://www.exploit-db.com/exploits/26045
• http://marc.info/?l=bugtraq&m=112258115325054&w=2
• http://marc.info/?l=bugtraq&m=112291396731712&w=2
• http://secunia.com/advisories/16274
• http://securitytracker.com/id?1014607
• http://www.osvdb.org/18316
• http://www.securityfocus.com/bid/14403
• https://exchange.xforce.ibmcloud.com/vulnerabilities/21576

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9) usermgt.php, or (10) users.php in admin/commonlib/pages directory, (11) helloworld.php, or (12) sidebar.php in public_html/lists/admin/plugins directory, or (13) main.php in public_html/lists/admin/plugsins/defaultplugin directory, which reveal the path in an error message.

• http://marc.info/?l=bugtraq&m=112258115325054&w=2
• http://www.osvdb.org/18317
• http://www.osvdb.org/18318
• http://www.osvdb.org/18319
• http://www.osvdb.org/18320
• http://www.osvdb.org/18321
• http://www.osvdb.org/18322
• http://www.osvdb.org/18323
• http://www.osvdb.org/18324
• http://www.osvdb.org/18325
• http://www.osvdb.org/18326
• http://www.osvdb.org/18327
• http://www.osvdb.org/18328
• http://www.osvdb.org/18329
• https://exchange.xforce.