5 matches found
CVE-2008-1355
Cross-site scripting XSS vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...
CVE-2008-1355
CVE-2008-1355 describes a Cross-site scripting (XSS) vulnerability in the Jeebles Directory 2.9.60, specifically in index.php where the attacker can inject arbitrary web script or HTML via the path parameter. The issue is caused by improper handling of the path parameter, allowing remote code exe...
CVE-2007-5706
CVE-2007-5706 describes an absolute path traversal vulnerability in the download.php of Jeebles Directory 2.9.60. An attacker can read arbitrary files by supplying a full pathname in the query string. The vulnerability is documented across multiple sources and is classified as a high-severity iss...
CVE-2007-5705
Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. NOTE: the provenance of this information is unknown; the detai...
Jeebles Technology Jeebles Directory 2.9.60 - download.php Local File Inclusion
Jeebles Technology Jeebles Directory 2.9.60 - download.php Local File Inclusion source: https://www.securityfocus.com/bid/26171/info Jeebles Directory is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an...