Vulnerabilities > Coinsoft Technologies

DATE CVE VULNERABILITY TITLE RISK
2006-08-29 CVE-2006-4425 Remote Security vulnerability in Coinsoft Technologies PHPcoin 1.2.3
Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php.
network
high complexity
coinsoft-technologies
5.1
2006-08-29 CVE-2006-4424 Remote File Include vulnerability in Coinsoft Technologies PHPcoin 1.2.3
PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter.
network
high complexity
coinsoft-technologies
5.1
2006-05-17 CVE-2006-2422 Information Disclosure vulnerability in phpCOIN Email Address
phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact".
network
low complexity
coinsoft-technologies
5.0
2006-03-28 CVE-2006-1428 Cross-Site Scripting vulnerability in phpCOIN
Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php.
4.3
2005-12-21 CVE-2005-4447 SQL-Injection vulnerability in phpCOIN
SQL injection vulnerability in articles\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers to modify SQL syntax and possibly execute SQL in limited circumstances via the rec_next parameter.
network
low complexity
coinsoft-technologies
7.5
2005-12-14 CVE-2005-4214 Information Exposure vulnerability in Coinsoft Technologies PHPcoin 1.2.2
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined.
network
low complexity
coinsoft-technologies CWE-200
5.0
2005-12-14 CVE-2005-4213 SQL Injection vulnerability in Coinsoft Technologies PHPcoin 1.2.2
SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie.
network
low complexity
coinsoft-technologies
7.5
2005-12-14 CVE-2005-4212 Unspecified vulnerability in Coinsoft Technologies PHPcoin 1.2.2
Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable.
network
low complexity
coinsoft-technologies
5.0
2005-12-14 CVE-2005-4211 Unspecified vulnerability in Coinsoft Technologies PHPcoin 1.2.2
PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable.
network
low complexity
coinsoft-technologies
7.5
2005-05-03 CVE-2005-1384 SQL Injection vulnerability in PHPcoin 1.2/1.2.1/1.2.1B
Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.
network
low complexity
coinsoft-technologies
7.5