
CVE-2015-3345
https://notcve.org/view.php?id=CVE-2015-3345
21 Apr 2015 — SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList database." • http://www.openwall.com/lists/oss-security/2015/01/29/6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2014-2916
https://notcve.org/view.php?id=CVE-2014-2916
05 May 2014 — Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/. • http://labs.davidsopas.com/2014/04/phplist-csrf-on-subscription-page.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2012-2740 – phpList 2.10.17 - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2740
06 Sep 2012 — SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. • https://www.exploit-db.com/exploits/18639 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2012-2741 – phpList 2.10.17 - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2741
06 Sep 2012 — Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action. • https://www.exploit-db.com/exploits/18639 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-3952 – phpList 2.10.18 - 'unconfirmed' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-3952
12 Aug 2012 — Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page. • https://www.exploit-db.com/exploits/37590 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-3953 – phpList 2.10.18 - 'index.php' SQL Injection
https://notcve.org/view.php?id=CVE-2012-3953
12 Aug 2012 — SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. • https://www.exploit-db.com/exploits/37613 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2012-4246 – phpList 2.10.9 - Cross-Site Request Forgery / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4246
12 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page. • https://www.exploit-db.com/exploits/18419 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-4247 – phpList 2.10.9 - Cross-Site Request Forgery / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4247
12 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page. • https://www.exploit-db.com/exploits/18419 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-6178 – Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2008-6178
19 Feb 2009 — Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of t... • https://www.exploit-db.com/exploits/8060 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2006-5524 – phpList 2.10.2 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5524
26 Oct 2006 — Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321. • https://www.exploit-db.com/exploits/28824