Vulnerabilities for 'Phplist'

2012-10-01
 
CVE-2012-5228

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information.

 
2012-08-11
 
CVE-2012-3952

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.

 
2011-04-13
 
CVE-2011-1682

CWE-352
 

 
Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

 
 
CVE-2011-0748

CWE-352
 

 
Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts.

 
2009-02-04
 
CVE-2009-0422

CWE-94
 

 
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.

 
2009-01-12
 
CVE-2008-5887

CWE-20
 

 
phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability."

 
2006-10-17
 
CVE-2006-5322

 

 
Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

 
 
CVE-2006-5321

 

 
Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
2006-10-16
 
CVE-2006-5294

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter.

 
2006-04-12
 
CVE-2006-1746

 

 
Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable.

 


Copyright 2024, cxsecurity.com

 
