2 matches found
CVE-2006-3004
Ez Ringtone Manager contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The flaws are triggered via (1) the id parameter in player.php and (2) the keyword parameter used in search functionality. Impact is described as en...
CVE-2008-6112
CVE-2008-6112 : In Ez Ringtone Manager, multiple directory traversal vulnerabilities allow remote attackers to read arbitrary files via a “..” in the id parameter of the detail action to (1) main.php and (2) template.php under ringtones/. The NVD entry assigns a base score of 5.0 (Medium) with ne...