8 matches found
CVE-2006-4656
CVE-2006-4656 is a PHP remote file inclusion in SPAW Editor’s spaw_control.class.php (Web Provence SL_Site 1.0 and earlier) allowing code execution via a URL in spaw_root; analysis notes the issue originates in a third‑party SPAW Editor PHP Edition. Related records (CVE-2007-3237/3289) describe t...
Sql injection
SQL injection vulnerability in page.php in SLsite 1.0 allows remote attackers to execute arbitrary SQL commands via the idpage parameter. NOTE: this issue could be used to produce resultant XSS from an error message...
Directory traversal
Directory traversal vulnerability in gallerie.php in SLsite 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this issue could be used to produce resultant XSS fro...
CVE-2006-2015
Cross-site scripting XSS vulnerability in SLsite 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as reported in the original disclosure, are resultant from other primary vulnerabilities that have separate CV...
CVE-2006-2014
Directory traversal vulnerability in gallerie.php in SLsite 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this issue could be used to produce resultant XSS fro...
CVE-2006-2014
CVE-2006-2014 affects SL_site 1.0: a directory traversal in gallerie.php allows remote attackers to list images in arbitrary directories using .. sequences in the rep parameter, which is used to build a directory name in admin/config.inc.php. The issue can potentially lead to an XSS condition via...
CVE-2006-2015
CVE-2006-2015 is an XSS vulnerability in SL_site 1.0, exploitable through the recherche parameter in recherche.php. The issue is documented to allow remote attackers to inject arbitrary web script or HTML. The associated CVSSv2 details indicate Network attack vector, High access complexity, no au...
CVE-2006-2013
The CVE-2006-2013 issue concerns SL_site 1.0 with a SQL injection in page.php via the id_page parameter. The vulnerability allows remote execution of arbitrary SQL commands, and the error message could trigger a resultant XSS. Affected component: page.php in SL_site 1.0; root cause: improper inpu...