CVE-2006-5294 – phpList 2.x - Public Pages Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-5294
Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter. • https://www.exploit-db.com/exploits/28790 http://mantis.phplist.com/changelog_page.php http://secunia.com/advisories/22405 http://securityreason.com/securityalert/1728 http://tincan.co.uk/?lid=1821 http://websecurity.com.ua/267 http://www.phplist.com/news http://www.securityfocus.com/archive/1/448411/100/0/threaded http://www.securityfocus.com/bid/20483 http://www.vupen.com/english/advisories/2006/4027 •
CVE-2006-1746
https://notcve.org/view.php?id=CVE-2006-1746
Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. • http://downloads.securityfocus.com/vulnerabilities/exploits/PHPList-lfi.php http://securitytracker.com/id?1015889 http://tincan.co.uk/?lid=851 http://www.securityfocus.com/archive/1/430475/30/30/threaded http://www.securityfocus.com/archive/1/430597 http://www.securityfocus.com/archive/1/448411 http://www.securityfocus.com/bid/17429 http://www.vupen.com/english/advisories/2006/1296 https://exchange.xforce.ibmcloud.com/vulnerabilities/25701 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2005-3556 – PHPList Mailing List Manager 2.x - '/admin/configure.php?id' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3556
Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php. • https://www.exploit-db.com/exploits/26484 https://www.exploit-db.com/exploits/26483 https://www.exploit-db.com/exploits/26485 http://osvdb.org/20570 http://osvdb.org/20571 http://osvdb.org/20572 http://osvdb.org/20573 http://osvdb.org/20574 http://osvdb.org/20575 http://osvdb.org/20576 http://secunia.com/advisories/17476 http://www.securityfocus.com/archive/1/416005/30/0/threaded http://www.securityfocus.com/bid/15350 http://www.trapkit.de •
CVE-2005-3557
https://notcve.org/view.php?id=CVE-2005-3557
Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request. • http://osvdb.org/20569 http://secunia.com/advisories/17476 http://www.securityfocus.com/archive/1/416005/30/0/threaded http://www.securityfocus.com/bid/15350 http://www.trapkit.de/advisories/TKADV2005-11-001.txt http://www.vupen.com/english/advisories/2005/2345 •
CVE-2005-3555 – PHPList Mailing List Manager 2.x - '/admin/admin.php?id' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3555
Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page. • https://www.exploit-db.com/exploits/26481 https://www.exploit-db.com/exploits/26482 http://osvdb.org/20567 http://osvdb.org/20568 http://secunia.com/advisories/17476 http://www.securityfocus.com/archive/1/416005/30/0/threaded http://www.securityfocus.com/bid/15350 http://www.trapkit.de/advisories/TKADV2005-11-001.txt http://www.vupen.com/english/advisories/2005/2345 •