Vulnerabilities > Avatic > Aardvark Topsites PHP > 4.2.2

DATE | CVE | VULNERABILITY TITLE | RISK

2009-07-02 | CVE-2009-2304 | Improper Input Validation vulnerability in Avatic Aardvark Topsites PHP | 5.0
index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message.
network, low complexity, avatic, CWE-20

2009-07-02 | CVE-2009-2303 | Improper Input Validation vulnerability in Avatic Aardvark Topsites PHP | 5.0
index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message.
network, low complexity, avatic, CWE-20

2009-07-02 | CVE-2009-2302 | Cross-Site Scripting vulnerability in Avatic Aardvark Topsites PHP | 4.3
Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
network, avatic, CWE-79

2006-05-03 | CVE-2006-2149 | Remote File Include vulnerability in Avatic Aardvark Topsites PHP 4.2.2 | 6.4
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.
network, low complexity, avatic