CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5560
https://notcve.org/view.php?id=CVE-2006-5560
27 Oct 2006 — Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors related to certain other files. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en heading.php en Boesch ProgSys 0.151 y anteriores permiten a un atacante remoto inyectar secuencias de comandos web o HTML a... • http://secunia.com/advisories/22532 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2006-4944 – ProgSys 0.156 - 'RR.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-4944
23 Sep 2006 — PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter. Vulnerabilidad PHP de inclusión remota de archivo en includes/pear/Net/DNS/RR.php en ProgSys 0.151 y anteriores permite a un atacante remoto ejecutar código PHP de su elección a través de una URL en el parámetro phpdns_basedir . • https://www.exploit-db.com/exploits/2411 • CWE-94: Improper Control of Generation of Code ('Code Injection') •