Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
37 vulnerabilities found for LinPHA by LinPHA
CVE-2014-7265 (GCVE-0-2014-7265)
Vulnerability from nvd – Published: 2014-12-12 11:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2014-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:31.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2014-000150",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000150"
},
{
"name": "JVN#61181790",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN61181790/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-12T05:57:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2014-000150",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000150"
},
{
"name": "JVN#61181790",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN61181790/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-7265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000150",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000150"
},
{
"name": "JVN#61181790",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN61181790/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-7265",
"datePublished": "2014-12-12T11:00:00.000Z",
"dateReserved": "2014-09-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:47:31.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3753 (GCVE-0-2011-3753)
Vulnerability from nvd – Published: 2011-09-23 23:00 – Updated: 2024-09-16 23:01
VLAI?
Summary
LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/linpha-1.3.4"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/linpha-1.3.4"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/linpha-1.3.4",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/linpha-1.3.4"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3753",
"datePublished": "2011-09-23T23:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:01:23.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7223 (GCVE-0-2008-7223)
Vulnerability from nvd – Published: 2009-09-14 14:00 – Updated: 2024-09-16 18:09
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freshmeat.net/projects/linpha/releases/271366"
},
{
"name": "43191",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43191"
},
{
"name": "27678",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27678"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-14T14:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freshmeat.net/projects/linpha/releases/271366"
},
{
"name": "43191",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43191"
},
{
"name": "27678",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27678"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://freshmeat.net/projects/linpha/releases/271366",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/linpha/releases/271366"
},
{
"name": "43191",
"refsource": "OSVDB",
"url": "http://osvdb.org/43191"
},
{
"name": "27678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27678"
},
{
"name": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup",
"refsource": "CONFIRM",
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7223",
"datePublished": "2009-09-14T14:00:00.000Z",
"dateReserved": "2009-09-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:09:17.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6571 (GCVE-0-2008-6571)
Vulnerability from nvd – Published: 2009-03-31 17:00 – Updated: 2024-09-17 00:50
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50225",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50225"
},
{
"name": "29724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29724"
},
{
"name": "50226",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50226"
},
{
"name": "50227",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50227"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-03-31T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50225",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50225"
},
{
"name": "29724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29724"
},
{
"name": "50226",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50226"
},
{
"name": "50227",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50227"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50225",
"refsource": "OSVDB",
"url": "http://osvdb.org/50225"
},
{
"name": "29724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29724"
},
{
"name": "50226",
"refsource": "OSVDB",
"url": "http://osvdb.org/50226"
},
{
"name": "50227",
"refsource": "OSVDB",
"url": "http://osvdb.org/50227"
},
{
"name": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup",
"refsource": "CONFIRM",
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6571",
"datePublished": "2009-03-31T17:00:00.000Z",
"dateReserved": "2009-03-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:50:45.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1856 (GCVE-0-2008-1856)
Vulnerability from nvd – Published: 2008-04-16 19:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2008-04-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "linpha-mapmainclass-file-include(41676)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41676"
},
{
"name": "5392",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5392"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=595725"
},
{
"name": "50229",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/50229"
},
{
"name": "29724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29724"
},
{
"name": "28654",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28654"
},
{
"name": "ADV-2008-1136",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "linpha-mapmainclass-file-include(41676)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41676"
},
{
"name": "5392",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5392"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=595725"
},
{
"name": "50229",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/50229"
},
{
"name": "29724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29724"
},
{
"name": "28654",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28654"
},
{
"name": "ADV-2008-1136",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1136"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "linpha-mapmainclass-file-include(41676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41676"
},
{
"name": "5392",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5392"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=595725",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=595725"
},
{
"name": "50229",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50229"
},
{
"name": "29724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29724"
},
{
"name": "28654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28654"
},
{
"name": "ADV-2008-1136",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1136"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1856",
"datePublished": "2008-04-16T19:00:00.000Z",
"dateReserved": "2008-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:40:59.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1487 (GCVE-0-2008-1487)
Vulnerability from nvd – Published: 2008-03-24 23:00 – Updated: 2024-08-07 08:24
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2008-03-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29525"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linpha.sourceforge.net/wiki/index.php/Release_Notes#Version_1.3.3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-04-01T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29525"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linpha.sourceforge.net/wiki/index.php/Release_Notes#Version_1.3.3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29525"
},
{
"name": "http://linpha.sourceforge.net/wiki/index.php/Release_Notes#Version_1.3.3",
"refsource": "CONFIRM",
"url": "http://linpha.sourceforge.net/wiki/index.php/Release_Notes#Version_1.3.3"
},
{
"name": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup",
"refsource": "CONFIRM",
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1487",
"datePublished": "2008-03-24T23:00:00.000Z",
"dateReserved": "2008-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:41.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4053 (GCVE-0-2007-4053)
Vulnerability from nvd – Published: 2007-07-30 17:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2007-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26259",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26259"
},
{
"name": "ADV-2007-2692",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2692"
},
{
"name": "4242",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4242"
},
{
"name": "36286",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36286"
},
{
"name": "25119",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25119"
},
{
"name": "linpha-newimages-sql-injection(35674)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35674"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26259",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26259"
},
{
"name": "ADV-2007-2692",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2692"
},
{
"name": "4242",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4242"
},
{
"name": "36286",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36286"
},
{
"name": "25119",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25119"
},
{
"name": "linpha-newimages-sql-injection(35674)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35674"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26259"
},
{
"name": "ADV-2007-2692",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2692"
},
{
"name": "4242",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4242"
},
{
"name": "36286",
"refsource": "OSVDB",
"url": "http://osvdb.org/36286"
},
{
"name": "25119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25119"
},
{
"name": "linpha-newimages-sql-injection(35674)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35674"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4053",
"datePublished": "2007-07-30T17:00:00.000Z",
"dateReserved": "2007-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:06.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1924 (GCVE-0-2006-1924)
Vulnerability from nvd – Published: 2006-04-20 18:00 – Updated: 2024-08-07 17:27
VLAI?
Summary
SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2006-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "linpha-functionsdbapi-sql-injection(26268)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26268"
},
{
"name": "24817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24817"
},
{
"name": "17619",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17619"
},
{
"name": "ADV-2006-1424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"name": "20060420 LinPHA provenance/acknowledgement",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"name": "19719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19719"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "linpha-functionsdbapi-sql-injection(26268)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26268"
},
{
"name": "24817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24817"
},
{
"name": "17619",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17619"
},
{
"name": "ADV-2006-1424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"name": "20060420 LinPHA provenance/acknowledgement",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"name": "19719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19719"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "linpha-functionsdbapi-sql-injection(26268)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26268"
},
{
"name": "24817",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24817"
},
{
"name": "17619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17619"
},
{
"name": "ADV-2006-1424",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"name": "20060420 LinPHA provenance/acknowledgement",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"name": "19719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19719"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1924",
"datePublished": "2006-04-20T18:00:00.000Z",
"dateReserved": "2006-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:27:29.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1923 (GCVE-0-2006-1923)
Vulnerability from nvd – Published: 2006-04-20 18:00 – Updated: 2024-08-07 17:27
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2006-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24816",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24816"
},
{
"name": "17619",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17619"
},
{
"name": "ADV-2006-1424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"name": "20060420 LinPHA provenance/acknowledgement",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"name": "19719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19719"
},
{
"name": "linpha-rss-xss(26269)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26269"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24816",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24816"
},
{
"name": "17619",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17619"
},
{
"name": "ADV-2006-1424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"name": "20060420 LinPHA provenance/acknowledgement",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"name": "19719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19719"
},
{
"name": "linpha-rss-xss(26269)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26269"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24816",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24816"
},
{
"name": "17619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17619"
},
{
"name": "ADV-2006-1424",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"name": "20060420 LinPHA provenance/acknowledgement",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"name": "19719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19719"
},
{
"name": "linpha-rss-xss(26269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26269"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1923",
"datePublished": "2006-04-20T18:00:00.000Z",
"dateReserved": "2006-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:27:29.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1848 (GCVE-0-2006-1848)
Vulnerability from nvd – Published: 2006-04-19 16:00 – Updated: 2024-08-07 17:27
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2006-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://d4igoro.blogspot.com/2006/04/linpha-xss-vulnerabilities.html"
},
{
"name": "linpha-statsview-xss(25916)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25916"
},
{
"name": "ADV-2006-1396",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1396"
},
{
"name": "20060417 Linpha 1.1.0 - XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431242/100/0/threaded"
},
{
"name": "19679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19679"
},
{
"name": "17581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://d4igoro.blogspot.com/2006/04/linpha-xss-vulnerabilities.html"
},
{
"name": "linpha-statsview-xss(25916)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25916"
},
{
"name": "ADV-2006-1396",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1396"
},
{
"name": "20060417 Linpha 1.1.0 - XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431242/100/0/threaded"
},
{
"name": "19679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19679"
},
{
"name": "17581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://d4igoro.blogspot.com/2006/04/linpha-xss-vulnerabilities.html",
"refsource": "MISC",
"url": "http://d4igoro.blogspot.com/2006/04/linpha-xss-vulnerabilities.html"
},
{
"name": "linpha-statsview-xss(25916)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25916"
},
{
"name": "ADV-2006-1396",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1396"
},
{
"name": "20060417 Linpha 1.1.0 - XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431242/100/0/threaded"
},
{
"name": "19679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19679"
},
{
"name": "17581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1848",
"datePublished": "2006-04-19T16:00:00.000Z",
"dateReserved": "2006-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:27:29.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2014-7265
Vulnerability from fkie_nvd - Published: 2014-12-12 11:59 - Updated: 2026-05-06 22:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN61181790/index.html | Vendor Advisory | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2014-000150 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN61181790/index.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2014-000150 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linpha:linpha:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27BAF5E-6032-4041-B838-E1AFC712B593",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en LinPHA permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-7265",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-12T11:59:04.813",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN61181790/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN61181790/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000150"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3753
Vulnerability from fkie_nvd - Published: 2011-09-23 23:55 - Updated: 2026-04-29 01:13
Severity ?
Summary
LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linpha:linpha:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A0B076-7638-493A-9261-7BCEBD22A2A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files."
},
{
"lang": "es",
"value": "LinPHA v1.3.4 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con viewer.php y algunos otros archivos."
}
],
"id": "CVE-2011-3753",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-23T23:55:04.050",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/linpha-1.3.4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/linpha-1.3.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-7223
Vulnerability from fkie_nvd - Published: 2009-09-14 14:30 - Updated: 2026-04-23 00:35
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linpha | linpha | * | |
| linpha | linpha | 0.9.0 | |
| linpha | linpha | 0.9.1 | |
| linpha | linpha | 0.9.2 | |
| linpha | linpha | 0.9.3 | |
| linpha | linpha | 0.9.4 | |
| linpha | linpha | 1.0 | |
| linpha | linpha | 1.0 | |
| linpha | linpha | 1.0 | |
| linpha | linpha | 1.0 | |
| linpha | linpha | 1.0 | |
| linpha | linpha | 1.1.0 | |
| linpha | linpha | 1.1.1 | |
| linpha | linpha | 1.2.0 | |
| linpha | linpha | 1.3.0 | |
| linpha | linpha | 1.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linpha:linpha:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCA245C-A695-478D-A1E4-BCFDE7242E1D",
"versionEndIncluding": "1.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EE653B-2731-4C3E-A7D0-3465276E879C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "108B066B-28C1-4888-B696-78F816A89B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9113509A-C884-46F4-BE97-C49382536FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD294BF-79FE-4940-B2D1-CB2506370EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "00E9B8B3-87E5-46A5-8242-04E620D54086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8F46907-9618-4F1C-8C68-E33EBC8E32B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0E05B25E-8507-4B40-AD6B-835019EF06EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C16546DA-1516-47C1-B603-34AF3DE3A9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "656D37D2-289D-49EB-AB25-D8522AB8A79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "059C1787-16E2-48BA-96A2-092F58E6F53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A16B7211-B340-4E4E-A016-74F7596A7B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F06B06C9-CE7F-45A1-946E-C3D3BF843FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B371E12C-9CB4-4E03-8B1E-F8A858AD5476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4ECA9FA-1BC3-4644-8A7D-F27DE382B519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C616987-BB74-4781-850E-22EA77D61D21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS), en LinPHA anterior a v1.3.3, permiten a atacantes remotos inyectar secuencias de comandos Web o HTML a trav\u00e9s de (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php o (5) plugins/stats/stats_view.php."
}
],
"id": "CVE-2008-7223",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-09-14T14:30:00.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://freshmeat.net/projects/linpha/releases/271366"
},
{
"source": "cve@mitre.org",
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/43191"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://freshmeat.net/projects/linpha/releases/271366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/43191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27678"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6571
Vulnerability from fkie_nvd - Published: 2009-03-31 17:30 - Updated: 2026-04-23 00:35
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linpha | linpha | * | |
| linpha | linpha | 0.9.0 | |
| linpha | linpha | 0.9.1 | |
| linpha | linpha | 0.9.2 | |
| linpha | linpha | 0.9.3 | |
| linpha | linpha | 0.9.4 | |
| linpha | linpha | 1.0 | |
| linpha | linpha | 1.0 | |
| linpha | linpha | 1.0 | |
| linpha | linpha | 1.0 | |
| linpha | linpha | 1.0 | |
| linpha | linpha | 1.1.0 | |
| linpha | linpha | 1.1.1 | |
| linpha | linpha | 1.2.0 | |
| linpha | linpha | 1.3.0 | |
| linpha | linpha | 1.3.1 | |
| linpha | linpha | 1.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linpha:linpha:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1B0AB37-187C-4144-996C-77B60349513F",
"versionEndIncluding": "1.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EE653B-2731-4C3E-A7D0-3465276E879C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "108B066B-28C1-4888-B696-78F816A89B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9113509A-C884-46F4-BE97-C49382536FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD294BF-79FE-4940-B2D1-CB2506370EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "00E9B8B3-87E5-46A5-8242-04E620D54086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8F46907-9618-4F1C-8C68-E33EBC8E32B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0E05B25E-8507-4B40-AD6B-835019EF06EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C16546DA-1516-47C1-B603-34AF3DE3A9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "656D37D2-289D-49EB-AB25-D8522AB8A79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "059C1787-16E2-48BA-96A2-092F58E6F53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A16B7211-B340-4E4E-A016-74F7596A7B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F06B06C9-CE7F-45A1-946E-C3D3BF843FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B371E12C-9CB4-4E03-8B1E-F8A858AD5476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4ECA9FA-1BC3-4644-8A7D-F27DE382B519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C616987-BB74-4781-850E-22EA77D61D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27827923-6084-46C8-A7E1-94B0B4D181BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en LinPHA anterior a v1.3.4 podr\u00eda permitir a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (1) new_images.php, (2) login.php y vectores no especificados."
}
],
"id": "CVE-2008-6571",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-03-31T17:30:00.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50225"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50226"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50227"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29724"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1856
Vulnerability from fkie_nvd - Published: 2008-04-16 19:05 - Updated: 2026-04-23 00:35
Severity ?
Summary
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linpha | linpha | * | |
| linpha | linpha | 0.9.0 | |
| linpha | linpha | 0.9.1 | |
| linpha | linpha | 0.9.2 | |
| linpha | linpha | 0.9.3 | |
| linpha | linpha | 0.9.4 | |
| linpha | linpha | 1.0 | |
| linpha | linpha | 1.0 | |
| linpha | linpha | 1.0 | |
| linpha | linpha | 1.0 | |
| linpha | linpha | 1.1.0 | |
| linpha | linpha | 1.1.1 | |
| linpha | linpha | 1.2.0 | |
| linpha | linpha | 1.3.0 | |
| linpha | linpha | 1.3.1 | |
| linpha | linpha | 1.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linpha:linpha:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C3C962-F6F4-441E-9CE2-80EE8BBF1E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EE653B-2731-4C3E-A7D0-3465276E879C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "108B066B-28C1-4888-B696-78F816A89B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9113509A-C884-46F4-BE97-C49382536FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD294BF-79FE-4940-B2D1-CB2506370EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "00E9B8B3-87E5-46A5-8242-04E620D54086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0E05B25E-8507-4B40-AD6B-835019EF06EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "C16546DA-1516-47C1-B603-34AF3DE3A9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "656D37D2-289D-49EB-AB25-D8522AB8A79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "059C1787-16E2-48BA-96A2-092F58E6F53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A16B7211-B340-4E4E-A016-74F7596A7B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F06B06C9-CE7F-45A1-946E-C3D3BF843FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B371E12C-9CB4-4E03-8B1E-F8A858AD5476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4ECA9FA-1BC3-4644-8A7D-F27DE382B519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C616987-BB74-4781-850E-22EA77D61D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27827923-6084-46C8-A7E1-94B0B4D181BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration."
},
{
"lang": "es",
"value": "plugins/maps/db_handler.php en LinPHA 1.3.3 y anteriores no requiere autenticaci\u00f3n para una acci\u00f3n \"settings\" que modifica el fichero de configuraci\u00f3n, lo que permite a atacantes remotos llevar a cabo ataque de salto de directorio y ejecutar archivos locales de su elecci\u00f3n colocando secuencias de salto de directorio en la configuraci\u00f3n de maps_type y a continuaci\u00f3n enviando la petici\u00f3n a maps_view.php, lo que provoca que plugins/maps/map.main.class.php use la configuraci\u00f3n modificada."
}
],
"id": "CVE-2008-1856",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-16T19:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29724"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=595725"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/50229"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28654"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1136"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41676"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=595725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/50229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5392"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1487
Vulnerability from fkie_nvd - Published: 2008-03-24 23:44 - Updated: 2026-04-23 00:35
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linpha:linpha:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCA245C-A695-478D-A1E4-BCFDE7242E1D",
"versionEndIncluding": "1.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8F46907-9618-4F1C-8C68-E33EBC8E32B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A16B7211-B340-4E4E-A016-74F7596A7B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F06B06C9-CE7F-45A1-946E-C3D3BF843FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B371E12C-9CB4-4E03-8B1E-F8A858AD5476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4ECA9FA-1BC3-4644-8A7D-F27DE382B519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C616987-BB74-4781-850E-22EA77D61D21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en LinPHA antes de 1.3.3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de 1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php y (5) plugins/stats/stats_view.php."
}
],
"id": "CVE-2008-1487",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-03-24T23:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
},
{
"source": "cve@mitre.org",
"url": "http://linpha.sourceforge.net/wiki/index.php/Release_Notes#Version_1.3.3"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://linpha.sourceforge.net/wiki/index.php/Release_Notes#Version_1.3.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29525"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4053
Vulnerability from fkie_nvd - Published: 2007-07-30 17:30 - Updated: 2026-04-23 00:35
Severity ?
Summary
SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linpha:linpha:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2C0686-C70E-44A8-90EF-5D869C43BA42",
"versionEndIncluding": "1.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en include/img_view.class.php de LinPHA 1.3.1 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro order de new_images.php."
}
],
"id": "CVE-2007-4053",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-07-30T17:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36286"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26259"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25119"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2692"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35674"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4242"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1924
Vulnerability from fkie_nvd - Published: 2006-04-20 18:06 - Updated: 2026-04-16 00:27
Severity ?
Summary
SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8F46907-9618-4F1C-8C68-E33EBC8E32B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A16B7211-B340-4E4E-A016-74F7596A7B2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"id": "CVE-2006-1924",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-20T18:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19719"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/24817"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17619"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/24817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26268"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1923
Vulnerability from fkie_nvd - Published: 2006-04-20 18:06 - Updated: 2026-04-16 00:27
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linpha:linpha:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8F46907-9618-4F1C-8C68-E33EBC8E32B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linpha:linpha:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A16B7211-B340-4E4E-A016-74F7596A7B2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors."
}
],
"id": "CVE-2006-1923",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-20T18:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/19719"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/24816"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17619"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/19719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/24816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26269"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1848
Vulnerability from fkie_nvd - Published: 2006-04-19 16:06 - Updated: 2026-04-16 00:27
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linpha:linpha:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A16B7211-B340-4E4E-A016-74F7596A7B2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter."
}
],
"id": "CVE-2006-1848",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-04-19T16:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://d4igoro.blogspot.com/2006/04/linpha-xss-vulnerabilities.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19679"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/431242/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17581"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1396"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://d4igoro.blogspot.com/2006/04/linpha-xss-vulnerabilities.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/431242/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25916"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-7265 (GCVE-0-2014-7265)
Vulnerability from cvelistv5 – Published: 2014-12-12 11:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2014-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:31.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2014-000150",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000150"
},
{
"name": "JVN#61181790",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN61181790/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-12T05:57:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2014-000150",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000150"
},
{
"name": "JVN#61181790",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN61181790/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-7265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000150",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000150"
},
{
"name": "JVN#61181790",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN61181790/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-7265",
"datePublished": "2014-12-12T11:00:00.000Z",
"dateReserved": "2014-09-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:47:31.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3753 (GCVE-0-2011-3753)
Vulnerability from cvelistv5 – Published: 2011-09-23 23:00 – Updated: 2024-09-16 23:01
VLAI?
Summary
LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/linpha-1.3.4"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/linpha-1.3.4"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/linpha-1.3.4",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/linpha-1.3.4"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3753",
"datePublished": "2011-09-23T23:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:01:23.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7223 (GCVE-0-2008-7223)
Vulnerability from cvelistv5 – Published: 2009-09-14 14:00 – Updated: 2024-09-16 18:09
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freshmeat.net/projects/linpha/releases/271366"
},
{
"name": "43191",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43191"
},
{
"name": "27678",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27678"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-14T14:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freshmeat.net/projects/linpha/releases/271366"
},
{
"name": "43191",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43191"
},
{
"name": "27678",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27678"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://freshmeat.net/projects/linpha/releases/271366",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/linpha/releases/271366"
},
{
"name": "43191",
"refsource": "OSVDB",
"url": "http://osvdb.org/43191"
},
{
"name": "27678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27678"
},
{
"name": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup",
"refsource": "CONFIRM",
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7223",
"datePublished": "2009-09-14T14:00:00.000Z",
"dateReserved": "2009-09-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:09:17.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6571 (GCVE-0-2008-6571)
Vulnerability from cvelistv5 – Published: 2009-03-31 17:00 – Updated: 2024-09-17 00:50
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50225",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50225"
},
{
"name": "29724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29724"
},
{
"name": "50226",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50226"
},
{
"name": "50227",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50227"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-03-31T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50225",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50225"
},
{
"name": "29724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29724"
},
{
"name": "50226",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50226"
},
{
"name": "50227",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50227"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50225",
"refsource": "OSVDB",
"url": "http://osvdb.org/50225"
},
{
"name": "29724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29724"
},
{
"name": "50226",
"refsource": "OSVDB",
"url": "http://osvdb.org/50226"
},
{
"name": "50227",
"refsource": "OSVDB",
"url": "http://osvdb.org/50227"
},
{
"name": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup",
"refsource": "CONFIRM",
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6571",
"datePublished": "2009-03-31T17:00:00.000Z",
"dateReserved": "2009-03-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:50:45.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1856 (GCVE-0-2008-1856)
Vulnerability from cvelistv5 – Published: 2008-04-16 19:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2008-04-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "linpha-mapmainclass-file-include(41676)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41676"
},
{
"name": "5392",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5392"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=595725"
},
{
"name": "50229",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/50229"
},
{
"name": "29724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29724"
},
{
"name": "28654",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28654"
},
{
"name": "ADV-2008-1136",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "linpha-mapmainclass-file-include(41676)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41676"
},
{
"name": "5392",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5392"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=595725"
},
{
"name": "50229",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/50229"
},
{
"name": "29724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29724"
},
{
"name": "28654",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28654"
},
{
"name": "ADV-2008-1136",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1136"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "linpha-mapmainclass-file-include(41676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41676"
},
{
"name": "5392",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5392"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=595725",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=595725"
},
{
"name": "50229",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50229"
},
{
"name": "29724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29724"
},
{
"name": "28654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28654"
},
{
"name": "ADV-2008-1136",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1136"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1856",
"datePublished": "2008-04-16T19:00:00.000Z",
"dateReserved": "2008-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:40:59.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1487 (GCVE-0-2008-1487)
Vulnerability from cvelistv5 – Published: 2008-03-24 23:00 – Updated: 2024-08-07 08:24
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2008-03-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29525"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linpha.sourceforge.net/wiki/index.php/Release_Notes#Version_1.3.3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-04-01T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29525"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linpha.sourceforge.net/wiki/index.php/Release_Notes#Version_1.3.3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29525"
},
{
"name": "http://linpha.sourceforge.net/wiki/index.php/Release_Notes#Version_1.3.3",
"refsource": "CONFIRM",
"url": "http://linpha.sourceforge.net/wiki/index.php/Release_Notes#Version_1.3.3"
},
{
"name": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup",
"refsource": "CONFIRM",
"url": "http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1487",
"datePublished": "2008-03-24T23:00:00.000Z",
"dateReserved": "2008-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:41.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4053 (GCVE-0-2007-4053)
Vulnerability from cvelistv5 – Published: 2007-07-30 17:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2007-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26259",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26259"
},
{
"name": "ADV-2007-2692",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2692"
},
{
"name": "4242",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4242"
},
{
"name": "36286",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36286"
},
{
"name": "25119",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25119"
},
{
"name": "linpha-newimages-sql-injection(35674)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35674"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26259",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26259"
},
{
"name": "ADV-2007-2692",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2692"
},
{
"name": "4242",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4242"
},
{
"name": "36286",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36286"
},
{
"name": "25119",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25119"
},
{
"name": "linpha-newimages-sql-injection(35674)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35674"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26259"
},
{
"name": "ADV-2007-2692",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2692"
},
{
"name": "4242",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4242"
},
{
"name": "36286",
"refsource": "OSVDB",
"url": "http://osvdb.org/36286"
},
{
"name": "25119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25119"
},
{
"name": "linpha-newimages-sql-injection(35674)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35674"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4053",
"datePublished": "2007-07-30T17:00:00.000Z",
"dateReserved": "2007-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:06.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1924 (GCVE-0-2006-1924)
Vulnerability from cvelistv5 – Published: 2006-04-20 18:00 – Updated: 2024-08-07 17:27
VLAI?
Summary
SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2006-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "linpha-functionsdbapi-sql-injection(26268)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26268"
},
{
"name": "24817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24817"
},
{
"name": "17619",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17619"
},
{
"name": "ADV-2006-1424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"name": "20060420 LinPHA provenance/acknowledgement",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"name": "19719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19719"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "linpha-functionsdbapi-sql-injection(26268)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26268"
},
{
"name": "24817",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24817"
},
{
"name": "17619",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17619"
},
{
"name": "ADV-2006-1424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"name": "20060420 LinPHA provenance/acknowledgement",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"name": "19719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19719"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "linpha-functionsdbapi-sql-injection(26268)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26268"
},
{
"name": "24817",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24817"
},
{
"name": "17619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17619"
},
{
"name": "ADV-2006-1424",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"name": "20060420 LinPHA provenance/acknowledgement",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"name": "19719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19719"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1924",
"datePublished": "2006-04-20T18:00:00.000Z",
"dateReserved": "2006-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:27:29.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1923 (GCVE-0-2006-1923)
Vulnerability from cvelistv5 – Published: 2006-04-20 18:00 – Updated: 2024-08-07 17:27
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2006-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24816",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24816"
},
{
"name": "17619",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17619"
},
{
"name": "ADV-2006-1424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"name": "20060420 LinPHA provenance/acknowledgement",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"name": "19719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19719"
},
{
"name": "linpha-rss-xss(26269)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26269"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24816",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24816"
},
{
"name": "17619",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17619"
},
{
"name": "ADV-2006-1424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"name": "20060420 LinPHA provenance/acknowledgement",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"name": "19719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19719"
},
{
"name": "linpha-rss-xss(26269)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26269"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24816",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24816"
},
{
"name": "17619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17619"
},
{
"name": "ADV-2006-1424",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1424"
},
{
"name": "20060420 LinPHA provenance/acknowledgement",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-April/000709.html"
},
{
"name": "19719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19719"
},
{
"name": "linpha-rss-xss(26269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26269"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1923",
"datePublished": "2006-04-20T18:00:00.000Z",
"dateReserved": "2006-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:27:29.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2014-000150
Vulnerability from jvndb - Published: 2014-12-12 13:48 - Updated:2014-12-16 17:07Summary
LinPHA vulnerable to cross-site scripting
Details
LinPHA is a software to manage and host image files on the web. LinPHA contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000150.html",
"dc:date": "2014-12-16T17:07+09:00",
"dcterms:issued": "2014-12-12T13:48+09:00",
"dcterms:modified": "2014-12-16T17:07+09:00",
"description": "LinPHA is a software to manage and host image files on the web. LinPHA contains a cross-site scripting vulnerability.\r\n\r\nDaiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000150.html",
"sec:cpe": {
"#text": "cpe:/a:linpha:linpha",
"@product": "LinPHA",
"@vendor": "LinPHA",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000150",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN61181790/index.html",
"@id": "JVN#61181790",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7265",
"@id": "CVE-2014-7265",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7265",
"@id": "CVE-2014-7265",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "LinPHA vulnerable to cross-site scripting"
}