Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Comscripts Security Vulnerabilities

cve
cve

CVE-2002-2217

Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) l parameter to customize.php or the (2) pg parameter to index.php.

8AI Score

0.076EPSS

2006-09-11 04:00 PM
27
cve
cve

CVE-2006-3168

SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php.

8.8AI Score

0.012EPSS

2006-06-23 12:02 AM
27
cve
cve

CVE-2006-3169

Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7)...

6AI Score

0.01EPSS

2006-06-23 12:02 AM
19
cve
cve

CVE-2006-3170

CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message.

6.7AI Score

0.008EPSS

2006-06-23 12:02 AM
23
cve
cve

CVE-2006-3171

CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php.

7.2AI Score

0.022EPSS

2006-06-23 12:02 AM
17
cve
cve

CVE-2006-4622

PHP remote file inclusion vulnerability in annonce.php in AnnonceV (aka annoncesV) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5AI Score

0.839EPSS

2006-09-07 12:04 AM
88
cve
cve

CVE-2006-4678

PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php.

8AI Score

0.051EPSS

2006-09-11 05:04 PM
28
cve
cve

CVE-2006-4746

PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.

7.5AI Score

0.012EPSS

2006-09-13 10:07 PM
24
cve
cve

CVE-2006-4753

Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

7AI Score

0.023EPSS

2006-09-13 10:07 PM
20
cve
cve

CVE-2006-4754

Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that revea...

6AI Score

0.014EPSS

2006-09-13 10:07 PM
25
cve
cve

CVE-2007-0361

PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.

7.5AI Score

0.052EPSS

2007-01-19 01:28 AM
28
cve
cve

CVE-2007-1144

Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.

6.7AI Score

0.004EPSS

2007-03-02 09:18 PM
22
cve
cve

CVE-2007-4937

CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php.

6.5AI Score

0.011EPSS

2007-09-18 07:17 PM
25
cve
cve

CVE-2008-6543

Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, and (5) classifieds/view.php3; (6) index.php3, (7) manager.php3, (8) pass.php3, (9) re...

7.2AI Score

0.022EPSS

2009-03-30 01:30 AM
23
cve
cve

CVE-2008-6545

PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party ...

7.5AI Score

0.02EPSS

2009-03-30 01:30 AM
25
cve
cve

CVE-2008-6655

Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php; the (3) nom_branche parameter to php/index.php; and the (4) nom_branche, (5) nom, and (6) prenom p...

5.9AI Score

0.001EPSS

2009-04-07 02:17 PM
22
cve
cve

CVE-2010-1113

Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php.

5.8AI Score

0.002EPSS

2010-03-25 05:30 PM
37
cve
cve

CVE-2010-1114

Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php.

7.9AI Score

0.006EPSS

2010-03-25 05:30 PM
17
cve
cve

CVE-2010-1115

Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.

6.8AI Score

0.003EPSS

2010-03-25 05:30 PM
19