CVSS: 9.8EPSS: 1%CPEs: 70EXPL: 2CVE-2009-0422 – phpList 2.10.8 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-0422
05 Feb 2009 — Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php. Vulnerabilidad de evaluación de variable dinámica en lists/admin.php en phpList v2.10.8 y versiones anteriores, cuando register_globals no está activa, permite a atacantes remotos incluir y ejecutar ficheros locales de su ele... • https://www.exploit-db.com/exploits/7778 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 69EXPL: 0CVE-2008-5887
https://notcve.org/view.php?id=CVE-2008-5887
12 Jan 2009 — phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." phplist anterior a v2.10.8 permite a atacantes remotos incluir ficheros a través de vectores desconocidos, relacionada a una "vulnerabilidad de inclusión de un fichero local." • http://secunia.com/advisories/33186 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 1CVE-2006-5321
https://notcve.org/view.php?id=CVE-2006-5321
17 Oct 2006 — Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en phplist anterior a 2.10.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://tincan.co.uk/?lid=1821 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2006-5322
https://notcve.org/view.php?id=CVE-2006-5322
17 Oct 2006 — Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en phplist anterior a 2.10.3 permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores no especificados. • http://tincan.co.uk/?lid=1821 •
CVSS: 6.1EPSS: 11%CPEs: 8EXPL: 2CVE-2006-5294 – phpList 2.x - Public Pages MultipleCross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-5294
16 Oct 2006 — Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en phplist anteriores a 2.10.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro unsubscribeemail. • https://www.exploit-db.com/exploits/28790 •
CVSS: 9.1EPSS: 0%CPEs: 13EXPL: 3CVE-2006-1746
https://notcve.org/view.php?id=CVE-2006-1746
12 Apr 2006 — Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. Vulnerabilidad de salto de directorio en PHPList 2.10.2 y versiones anteriores permite a atacantes remotos inlcuir archivos locales arbitrarios a través de los parámetros (1) GLOBALS[database_module] o (2) GLOBALS[language_module], lo que sobrescribe la variab... • http://downloads.securityfocus.com/vulnerabilities/exploits/PHPList-lfi.php • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 2%CPEs: 1EXPL: 3CVE-2005-3555 – PHPList Mailing List Manager 2.x - '/admin/admin.php?id' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3555
16 Nov 2005 — Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page. • https://www.exploit-db.com/exploits/26481 •
CVSS: 4.8EPSS: 4%CPEs: 1EXPL: 4CVE-2005-3556 – PHPList Mailing List Manager 2.x - '/admin/configure.php?id' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3556
16 Nov 2005 — Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) ac... • https://www.exploit-db.com/exploits/26484 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2005-3557
https://notcve.org/view.php?id=CVE-2005-3557
16 Nov 2005 — Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request. • http://osvdb.org/20569 •