CVE-2009-0422 – phpList 2.10.8 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-0422
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php. Vulnerabilidad de evaluación de variable dinámica en lists/admin.php en phpList v2.10.8 y versiones anteriores, cuando register_globals no está activa, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de secuencias de salto de directorio en el parámetro "_SERVER[ConfigFile]" de admin/index.php. • https://www.exploit-db.com/exploits/7778 http://secunia.com/advisories/33533 http://www.bugreport.ir/index_60.htm http://www.securityfocus.com/archive/1/500057/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/47945 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-5887
https://notcve.org/view.php?id=CVE-2008-5887
phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." phplist anterior a v2.10.8 permite a atacantes remotos incluir ficheros a través de vectores desconocidos, relacionada a una "vulnerabilidad de inclusión de un fichero local." • http://secunia.com/advisories/33186 http://securityreason.com/securityalert/4901 http://www.phplist.com/?lid=273 http://www.securityfocus.com/archive/1/499218/100/0/threaded http://www.securityfocus.com/bid/32841 https://exchange.xforce.ibmcloud.com/vulnerabilities/47395 • CWE-20: Improper Input Validation •
CVE-2006-5524 – phpList 2.10.2 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5524
Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321. Vulnerabilidad de cruce de sitios en scripts (XSS) en index.php de phplist 2.10.2 permite a atacantes remotos inyectar scripts WEB o HTML de su elección mediante el parámetro p. NOTA: Esta vulnerabilidad podría sobreponerse con CVE-2006-5321. • https://www.exploit-db.com/exploits/28824 http://secunia.com/advisories/22431 http://securityreason.com/securityalert/1779 http://securitytracker.com/alerts/2006/Oct/1017102.html http://www.securityfocus.com/archive/1/448923/100/100/threaded http://www.securityfocus.com/bid/20577/info http://www.vupen.com/english/advisories/2006/4084 •
CVE-2006-5321
https://notcve.org/view.php?id=CVE-2006-5321
Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en phplist anterior a 2.10.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://tincan.co.uk/?lid=1821 http://www.phplist.com/news http://www.securityfocus.com/bid/20483 •
CVE-2006-5322
https://notcve.org/view.php?id=CVE-2006-5322
Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en phplist anterior a 2.10.3 permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores no especificados. • http://tincan.co.uk/?lid=1821 http://www.phplist.com/news https://exchange.xforce.ibmcloud.com/vulnerabilities/29637 •