CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 3CVE-2006-1746
https://notcve.org/view.php?id=CVE-2006-1746
Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. Vulnerabilidad de salto de directorio en PHPList 2.10.2 y versiones anteriores permite a atacantes remotos inlcuir archivos locales arbitrarios a través de los parámetros (1) GLOBALS[database_module] o (2) GLOBALS[language_module], lo que sobrescribe la variable $GLOBALS subyacente. • http://downloads.securityfocus.com/vulnerabilities/exploits/PHPList-lfi.php http://securitytracker.com/id?1015889 http://tincan.co.uk/?lid=851 http://www.securityfocus.com/archive/1/430475/30/30/threaded http://www.securityfocus.com/archive/1/430597 http://www.securityfocus.com/archive/1/448411 http://www.securityfocus.com/bid/17429 http://www.vupen.com/english/advisories/2006/1296 https://exchange.xforce.ibmcloud.com/vulnerabilities/25701 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 4CVE-2005-3556 – PHPList Mailing List Manager 2.x - '/admin/configure.php?id' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3556
Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php. • https://www.exploit-db.com/exploits/26484 https://www.exploit-db.com/exploits/26483 https://www.exploit-db.com/exploits/26485 http://osvdb.org/20570 http://osvdb.org/20571 http://osvdb.org/20572 http://osvdb.org/20573 http://osvdb.org/20574 http://osvdb.org/20575 http://osvdb.org/20576 http://secunia.com/advisories/17476 http://www.securityfocus.com/archive/1/416005/30/0/threaded http://www.securityfocus.com/bid/15350 http://www.trapkit.de&# •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 3CVE-2005-3555 – PHPList Mailing List Manager 2.x - '/admin/admin.php?id' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3555
Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page. • https://www.exploit-db.com/exploits/26481 https://www.exploit-db.com/exploits/26482 http://osvdb.org/20567 http://osvdb.org/20568 http://secunia.com/advisories/17476 http://www.securityfocus.com/archive/1/416005/30/0/threaded http://www.securityfocus.com/bid/15350 http://www.trapkit.de/advisories/TKADV2005-11-001.txt http://www.vupen.com/english/advisories/2005/2345 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1CVE-2005-3557
https://notcve.org/view.php?id=CVE-2005-3557
Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request. • http://osvdb.org/20569 http://secunia.com/advisories/17476 http://www.securityfocus.com/archive/1/416005/30/0/threaded http://www.securityfocus.com/bid/15350 http://www.trapkit.de/advisories/TKADV2005-11-001.txt http://www.vupen.com/english/advisories/2005/2345 •