Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2006-08-29	CVE-2006-4425	Remote Security vulnerability in Coinsoft Technologies PHPcoin 1.2.3 Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php. network high complexity coinsoft-technologies	5.1
2006-08-29	CVE-2006-4424	Remote File Include vulnerability in Coinsoft Technologies PHPcoin 1.2.3 PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter. network high complexity coinsoft-technologies	5.1
2006-05-17	CVE-2006-2422	Information Disclosure vulnerability in phpCOIN Email Address phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact". network low complexity coinsoft-technologies	5.0
2006-03-28	CVE-2006-1428	Cross-Site Scripting vulnerability in phpCOIN Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php. network coinsoft-technologies	4.3
2005-12-14	CVE-2005-4214	Information Exposure vulnerability in Coinsoft Technologies PHPcoin 1.2.2 phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined. network low complexity coinsoft-technologies CWE-200	5.0
2005-12-14	CVE-2005-4212	Unspecified vulnerability in Coinsoft Technologies PHPcoin 1.2.2 Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable. network low complexity coinsoft-technologies	5.0
2005-05-02	CVE-2005-0933	Remote vulnerability in PHPcoin 1.2.1/1.2.1B Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter. network low complexity coinsoft-technologies	5.0
2005-05-02	CVE-2005-0670	Remote Input Validation vulnerability in PHPcoin 1.2/1.2.1/1.2.1B Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts. network coinsoft-technologies	4.3