Lucene search
+L

123 matches found

Prion
Prion
added 2019/08/05 1:15 p.m.17 views

Open redirect

cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi SEC-162...

5.8CVSS7.1AI score0.00694EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/05 12:53 p.m.28 views

CVE-2016-10769

cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi SEC-162...

6.3AI score0.00694EPSS
Exploits0References1
CVE
CVE
added 2019/08/05 12:53 p.m.48 views

CVE-2016-10769

CVE-2016-10769 affects cPanel before 60.0.25; it enables an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162). No exploitation details are provided in the connected docs beyond this, and the vulnerability is characterized as an open redirect. Remediation per the available references is to u...

6.1CVSS6.3AI score0.00694EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/07/13 8:29 p.m.22 views

CVE-2016-9492

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...

9.8CVSS9.6AI score0.03375EPSS
Exploits0References2
NVD
NVD
added 2018/07/13 8:29 p.m.21 views

CVE-2016-9482

Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel...

9.8CVSS9.8AI score0.04664EPSS
Exploits0References2
NVD
NVD
added 2018/07/13 8:29 p.m.19 views

CVE-2016-9493

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...

6.1CVSS6.2AI score0.0151EPSS
Exploits0References2
NVD
NVD
added 2018/07/13 8:29 p.m.19 views

CVE-2016-9484

The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any P...

7.5CVSS8.9AI score0.04411EPSS
Exploits0References2
NVD
NVD
added 2018/07/13 8:29 p.m.17 views

CVE-2016-9483

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmgfilmandownload function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obta...

9.8CVSS7.8AI score0.03471EPSS
Exploits0References2
OSV
OSV
added 2018/07/13 8:29 p.m.6 views

CVE-2016-9493

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...

6.1CVSS5.4AI score0.0151EPSS
Exploits0References2
OSV
OSV
added 2018/07/13 8:29 p.m.5 views

CVE-2016-9492

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...

9.8CVSS5.9AI score0.03375EPSS
Exploits0References2
Prion
Prion
added 2018/07/13 8:29 p.m.18 views

Cross site scripting

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...

4.3CVSS6.8AI score0.0151EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/07/13 8:29 p.m.15 views

Authentication flaw

Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel...

7.5CVSS7.7AI score0.04664EPSS
Exploits0References2
Prion
Prion
added 2018/07/13 8:29 p.m.21 views

Path traversal

The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any P...

5CVSS9.6AI score0.04411EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/07/13 8:29 p.m.17 views

Unrestricted file upload

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...

7.5CVSS7.4AI score0.03375EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/07/13 8:29 p.m.16 views

Input validation

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmgfilmandownload function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obta...

7.5CVSS7.7AI score0.04411EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/07/13 8:0 p.m.23 views

CVE-2016-9482 PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to authentication bypass

Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel...

9.8AI score0.04664EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/07/13 8:0 p.m.25 views

CVE-2016-9493 PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...

6.7AI score0.0151EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/07/13 8:0 p.m.28 views

CVE-2016-9483 PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmgfilmandownload function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obta...

8.7AI score0.03471EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/07/13 8:0 p.m.25 views

CVE-2016-9484 PHP FormMail Generator generates PHP code for standard web forms, and the code generated does not properly validate user input folder directories and is vulnerable to path traversal

The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any P...

8.9AI score0.04411EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/07/13 8:0 p.m.28 views

CVE-2016-9492 PHP forms generated using the PHP FormMail Generator are vulnerable to unrestricted upload of dangerous file types

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PH...

9.7AI score0.03375EPSS
Exploits0References2
Rows per page
Query Builder