Vulnerabilities > Artmedic Webdesign
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-02-15 | CVE-2008-0798 | Path Traversal vulnerability in Artmedic Webdesign Artmedic Weblog 1.0 Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. | 4.3 |
2008-02-13 | CVE-2008-0765 | Cross-Site Scripting vulnerability in Artmedic Webdesign Artmedic Weblog Multiple cross-site scripting (XSS) vulnerabilities in artmedic webdesign weblog allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to artmedic_print.php and the (2) jahrneu parameter to index.php. | 4.3 |
2007-10-19 | CVE-2007-5600 | Code Injection vulnerability in Artmedic Webdesign Artmedic CMS Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https, and ftp URLs. | 6.8 |
2007-10-17 | CVE-2007-5489 | Path Traversal vulnerability in Artmedic Webdesign Artmedic CMS 3.4 Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2006-09-21 | CVE-2006-4905 | Remote Security vulnerability in Artmedic Webdesign Artmedic Links 5.0 PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function. | 7.5 |
2006-05-26 | CVE-2006-2609 | Remote Security vulnerability in Artmedic Webdesign Artmedic Newsletter 4.1.2 artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. | 5.1 |
2006-05-26 | CVE-2006-2608 | Remote Script Execution vulnerability in Artmedic Webdesign Artmedic Newsletter 4.1 artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php. | 5.1 |
2006-05-01 | CVE-2006-2119 | Remote File Include vulnerability in Artmedic Event PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter. | 5.0 |
2004-12-06 | CVE-2004-0624 | Unspecified vulnerability in Artmedic Webdesign Artmedic Links 5.0 PHP remote file inclusion vulnerability in index.php for Artmedic links 5.0 (artmedic_links5) allows remote attackers to execute arbitrary PHP code by modifying the id parameter to reference a URL on a remote web server that contains the code. | 7.5 |