Tincan PHPList 2.10.2

CPE Details

2007-08-23 19h16 +00:00
2011-05-06 18h16 +00:00

CPE Name: cpe:2.3:a:tincan:phplist:2.10.2:*:*:*:*:*:*:*

Information

Vendor

tincan

Product

phplist

Version

2.10.2

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2012-5228 | 2012-10-01 18h00 +00:00 | Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information. | 4.3 | |
| CVE-2011-0748 | 2011-04-13 12h00 +00:00 | Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts. | 6.8 | |
| CVE-2011-1682 | 2011-04-13 12h00 +00:00 | Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | |
| CVE-2009-0422 | 2009-02-04 23h00 +00:00 | Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php. | 7.5 | |
| CVE-2008-5887 | 2009-01-12 18h27 +00:00 | phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." | 5 | |
| CVE-2006-5321 | 2006-10-17 17h00 +00:00 | Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | |
| CVE-2006-5322 | 2006-10-17 15h00 +00:00 | Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | |
| CVE-2006-5294 | 2006-10-16 16h00 +00:00 | Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter. | 4.3 | |
| CVE-2006-1746 | 2006-04-12 20h00 +00:00 | Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. | 5 | |
| CVE-2005-2432 | 2005-08-03 02h00 +00:00 | SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin. | 7.5 | |
| CVE-2005-2433 | 2005-08-03 02h00 +00:00 | PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9) usermgt.php, or (10) users.php in admin/commonlib/pages directory, (11) helloworld.php, or (12) sidebar.php in public_html/lists/admin/plugins directory, or (13) main.php in public_html/lists/admin/plugsins/defaultplugin directory, which reveal the path in an error message. | 5 | |