Show filters
16 Total Results
Displaying 11-16 of 16
Sort by:
Attacker Value
Unknown
CVE-2009-0422
Disclosure Date: February 05, 2009 (last updated October 04, 2023)
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.
0
Attacker Value
Unknown
CVE-2008-5887
Disclosure Date: January 12, 2009 (last updated October 04, 2023)
phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability."
0
Attacker Value
Unknown
CVE-2006-5321
Disclosure Date: October 17, 2006 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
Attacker Value
Unknown
CVE-2006-5322
Disclosure Date: October 17, 2006 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
0
Attacker Value
Unknown
CVE-2006-5294
Disclosure Date: October 16, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter.
0
Attacker Value
Unknown
CVE-2006-1746
Disclosure Date: April 12, 2006 (last updated October 04, 2023)
Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable.
0
