Vulnerabilities > Bugada Andrea
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-05-14 | CVE-2007-2659 | Directory Traversal vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.30 Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. | 5.0 |
| 2006-09-13 | CVE-2006-4749 | Remote Security vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.20 Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. | 7.5 |
| 2006-09-06 | CVE-2006-4594 | Remote File Include vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.20 Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. | 7.5 |
| 2005-09-20 | CVE-2005-3000 | Cross-Site Scripting vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.30 Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web script or HTML via the (1) font, (2) normalfontcolor, or (3) mess[31] parameters. network bugada-andrea | 4.3 |
| 2005-09-20 | CVE-2005-2999 | Remote Security vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.30 PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain sensitive PHP configuration information via a direct request to test.php. | 5.0 |
| 2005-09-20 | CVE-2005-2998 | Remote Security vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.30 PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows remote attackers to upload and execute arbitrary PHP files. | 7.5 |
| 2005-09-20 | CVE-2005-2997 | Directory Traversal vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.30 Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote attackers to read arbitrary files via ".." sequences in (1) the currentdir parameter to txt.php, or the current_dir parameter to (2) htm.php or (3) html.php. | 5.0 |
| 2005-05-20 | CVE-2005-1681 | Remote Security vulnerability in Php Advanced Transfer Manager 1.20/1.21 PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter to index.php. | 7.5 |
| 2005-05-16 | CVE-2005-1604 | Unspecified vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.21 PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP code. | 7.5 |