CVE-2006-5294 – phpList 2.x - Public Pages Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-5294
Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter. • https://www.exploit-db.com/exploits/28790 http://mantis.phplist.com/changelog_page.php http://secunia.com/advisories/22405 http://securityreason.com/securityalert/1728 http://tincan.co.uk/?lid=1821 http://websecurity.com.ua/267 http://www.phplist.com/news http://www.securityfocus.com/archive/1/448411/100/0/threaded http://www.securityfocus.com/bid/20483 http://www.vupen.com/english/advisories/2006/4027 •
CVE-2006-1746
https://notcve.org/view.php?id=CVE-2006-1746
Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. • http://downloads.securityfocus.com/vulnerabilities/exploits/PHPList-lfi.php http://securitytracker.com/id?1015889 http://tincan.co.uk/?lid=851 http://www.securityfocus.com/archive/1/430475/30/30/threaded http://www.securityfocus.com/archive/1/430597 http://www.securityfocus.com/archive/1/448411 http://www.securityfocus.com/bid/17429 http://www.vupen.com/english/advisories/2006/1296 https://exchange.xforce.ibmcloud.com/vulnerabilities/25701 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •