Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Phpkobo Security Vulnerabilities

cve
cve

CVE-2010-1057

Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in (1) codelib/cfg/, (2) ...

7.5AI Score

0.051EPSS

2010-03-23 05:30 PM
24
cve
cve

CVE-2010-1058

Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.

7.3AI Score

0.017EPSS

2010-03-23 05:30 PM
21
cve
cve

CVE-2010-1059

Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the provenance of this infor...

7.2AI Score

0.004EPSS

2010-03-23 05:30 PM
30
cve
cve

CVE-2010-1060

Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.

7.3AI Score

0.009EPSS

2010-03-23 05:30 PM
17
cve
cve

CVE-2010-1061

Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) url/app/common.inc.php and (2) codelib/cfg/common.inc.ph...

7.3AI Score

0.006EPSS

2010-03-23 05:30 PM
22
cve
cve

CVE-2010-1062

Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtai...

7.4AI Score

0.009EPSS

2010-03-23 05:30 PM
21
cve
cve

CVE-2010-1063

Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2) form...

7.3AI Score

0.006EPSS

2010-03-23 05:30 PM
30
cve
cve

CVE-2023-41445

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component.

6.1CVSS

6.4AI Score

0.002EPSS

2023-09-27 11:15 PM
22
cve
cve

CVE-2023-41446

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.

6.1CVSS

6.4AI Score

0.002EPSS

2023-09-28 03:15 AM
31
cve
cve

CVE-2023-41447

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.

6.1CVSS

6.4AI Score

0.002EPSS

2023-09-28 03:15 AM
30
cve
cve

CVE-2023-41448

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.

6.1CVSS

6.4AI Score

0.002EPSS

2023-09-27 11:15 PM
25
cve
cve

CVE-2023-41449

An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.

9.8CVSS

9.4AI Score

0.004EPSS

2023-09-27 11:15 PM
29
cve
cve

CVE-2023-41450

An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.

8.8CVSS

8.7AI Score

0.005EPSS

2023-09-28 03:15 AM
33
cve
cve

CVE-2023-41451

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.

6.1CVSS

6.4AI Score

0.002EPSS

2023-09-27 11:15 PM
29
cve
cve

CVE-2023-41452

Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.

8.8CVSS

8.8AI Score

0.004EPSS

2023-09-27 11:15 PM
27
cve
cve

CVE-2023-41453

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.

6.1CVSS

6.4AI Score

0.002EPSS

2023-09-27 11:15 PM
27
cve
cve

CVE-2023-5313

A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation leads to improper enforcement of a single, unique action. The attack can be laun...

5.3CVSS

4.5AI Score

0.001EPSS

2023-09-30 03:15 PM
31