CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 4CVE-2012-3953 – phpList 2.10.18 - 'index.php' SQL Injection
https://notcve.org/view.php?id=CVE-2012-3953
12 Aug 2012 — SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. Vulnerabilidad de inyección SQL en admin/index.php en phpList anterior a v2.10.19, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro delete para la página editattributes. • https://www.exploit-db.com/exploits/37613 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 5%CPEs: 23EXPL: 5CVE-2012-4246 – phpList 2.10.9 - Cross-Site Request Forgery / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4246
12 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en lists/admin/index.php en phpList anterior a v2.10.19, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro ... • https://www.exploit-db.com/exploits/18419 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 4%CPEs: 23EXPL: 1CVE-2012-4247 – phpList 2.10.9 - Cross-Site Request Forgery / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4247
12 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en lists/admin/index.php en phpList anterior a v2.10.19, permite a... • https://www.exploit-db.com/exploits/18419 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 74EXPL: 2CVE-2011-0748 – phpList 2.10.9 - Cross-Site Request Forgery / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-0748
13 Apr 2011 — Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en phpList anterior a v2.10.13, permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que (1) añaden o (2) editan cuentas de administrador. • https://www.exploit-db.com/exploits/18419 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.2EPSS: 0%CPEs: 75EXPL: 1CVE-2011-1682 – phpList 2.10.9 - Cross-Site Request Forgery / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-1682
13 Apr 2011 — Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (C... • https://www.exploit-db.com/exploits/18419 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 4%CPEs: 11EXPL: 3CVE-2008-6178 – Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2008-6178
19 Feb 2009 — Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of t... • https://www.exploit-db.com/exploits/8060 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 70EXPL: 2CVE-2009-0422 – phpList 2.10.8 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-0422
05 Feb 2009 — Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php. Vulnerabilidad de evaluación de variable dinámica en lists/admin.php en phpList v2.10.8 y versiones anteriores, cuando register_globals no está activa, permite a atacantes remotos incluir y ejecutar ficheros locales de su ele... • https://www.exploit-db.com/exploits/7778 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 69EXPL: 0CVE-2008-5887
https://notcve.org/view.php?id=CVE-2008-5887
12 Jan 2009 — phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." phplist anterior a v2.10.8 permite a atacantes remotos incluir ficheros a través de vectores desconocidos, relacionada a una "vulnerabilidad de inclusión de un fichero local." • http://secunia.com/advisories/33186 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 6%CPEs: 1EXPL: 4CVE-2006-5524 – phpList 2.10.2 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5524
26 Oct 2006 — Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321. Vulnerabilidad de cruce de sitios en scripts (XSS) en index.php de phplist 2.10.2 permite a atacantes remotos inyectar scripts WEB o HTML de su elección mediante el parámetro p. NOTA: Esta vulnerabilidad podría sobreponerse con CVE-2006-5321. • https://www.exploit-db.com/exploits/28824 •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 1CVE-2006-5321
https://notcve.org/view.php?id=CVE-2006-5321
17 Oct 2006 — Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en phplist anterior a 2.10.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://tincan.co.uk/?lid=1821 •