CVSS: 5.0EPSS: 0%CPEs: 69EXPL: 0CVE-2008-5887
https://notcve.org/view.php?id=CVE-2008-5887
phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." phplist anterior a v2.10.8 permite a atacantes remotos incluir ficheros a través de vectores desconocidos, relacionada a una "vulnerabilidad de inclusión de un fichero local." • http://secunia.com/advisories/33186 http://securityreason.com/securityalert/4901 http://www.phplist.com/?lid=273 http://www.securityfocus.com/archive/1/499218/100/0/threaded http://www.securityfocus.com/bid/32841 https://exchange.xforce.ibmcloud.com/vulnerabilities/47395 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2006-5322
https://notcve.org/view.php?id=CVE-2006-5322
Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en phplist anterior a 2.10.3 permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores no especificados. • http://tincan.co.uk/?lid=1821 http://www.phplist.com/news https://exchange.xforce.ibmcloud.com/vulnerabilities/29637 •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 1CVE-2006-5321
https://notcve.org/view.php?id=CVE-2006-5321
Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en phplist anterior a 2.10.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://tincan.co.uk/?lid=1821 http://www.phplist.com/news http://www.securityfocus.com/bid/20483 •
CVSS: 4.3EPSS: 1%CPEs: 8EXPL: 2CVE-2006-5294 – phpList 2.x - Public Pages MultipleCross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-5294
Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en phplist anteriores a 2.10.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro unsubscribeemail. • https://www.exploit-db.com/exploits/28790 http://mantis.phplist.com/changelog_page.php http://secunia.com/advisories/22405 http://securityreason.com/securityalert/1728 http://tincan.co.uk/?lid=1821 http://websecurity.com.ua/267 http://www.phplist.com/news http://www.securityfocus.com/archive/1/448411/100/0/threaded http://www.securityfocus.com/bid/20483 http://www.vupen.com/english/advisories/2006/4027 •
CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 3CVE-2006-1746
https://notcve.org/view.php?id=CVE-2006-1746
Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. Vulnerabilidad de salto de directorio en PHPList 2.10.2 y versiones anteriores permite a atacantes remotos inlcuir archivos locales arbitrarios a través de los parámetros (1) GLOBALS[database_module] o (2) GLOBALS[language_module], lo que sobrescribe la variable $GLOBALS subyacente. • http://downloads.securityfocus.com/vulnerabilities/exploits/PHPList-lfi.php http://securitytracker.com/id?1015889 http://tincan.co.uk/?lid=851 http://www.securityfocus.com/archive/1/430475/30/30/threaded http://www.securityfocus.com/archive/1/430597 http://www.securityfocus.com/archive/1/448411 http://www.securityfocus.com/bid/17429 http://www.vupen.com/english/advisories/2006/1296 https://exchange.xforce.ibmcloud.com/vulnerabilities/25701 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •