Vulnerabilities > Coinsoft Technologies > Phpcoin > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-08-29 | CVE-2006-4425 | Remote Security vulnerability in Coinsoft Technologies PHPcoin 1.2.3 Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php. | 5.1 |
| 2006-08-29 | CVE-2006-4424 | Remote File Include vulnerability in Coinsoft Technologies PHPcoin 1.2.3 PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter. | 5.1 |
| 2006-05-17 | CVE-2006-2422 | Information Disclosure vulnerability in phpCOIN Email Address phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact". | 5.0 |
| 2006-03-28 | CVE-2006-1428 | Cross-Site Scripting vulnerability in phpCOIN Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php. network coinsoft-technologies | 4.3 |
| 2005-12-14 | CVE-2005-4214 | Information Exposure vulnerability in Coinsoft Technologies PHPcoin 1.2.2 phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined. | 5.0 |
| 2005-12-14 | CVE-2005-4212 | Unspecified vulnerability in Coinsoft Technologies PHPcoin 1.2.2 Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable. | 5.0 |
| 2005-05-02 | CVE-2005-0933 | Remote vulnerability in PHPcoin 1.2.1/1.2.1B Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter. | 5.0 |
| 2005-05-02 | CVE-2005-0670 | Remote Input Validation vulnerability in PHPcoin 1.2/1.2.1/1.2.1B Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts. network coinsoft-technologies | 4.3 |