Vulnerabilities > Comscripts

DATE CVE VULNERABILITY TITLE RISK
2010-03-25 CVE-2010-1115 Path Traversal vulnerability in Comscripts web Server Creator web Portal 0.1
Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a ..
network
low complexity
comscripts CWE-22
5.0
2010-03-25 CVE-2010-1114 Code Injection vulnerability in Comscripts web Server Creator web Portal 0.1
Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php.
network
low complexity
comscripts CWE-94
7.5
2010-03-25 CVE-2010-1113 Cross-Site Scripting vulnerability in Comscripts web Server Creator web Portal 0.1
Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php.
network
comscripts CWE-79
4.3
2009-04-07 CVE-2008-6655 Cross-Site Scripting vulnerability in Comscripts Gedcom TO Mysql 2
Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php; the (3) nom_branche parameter to php/index.php; and the (4) nom_branche, (5) nom, and (6) prenom parameters to php/info.php.
network
comscripts CWE-79
4.3
2009-03-30 CVE-2008-6545 Code Injection vulnerability in Comscripts web Server Creator web Portal 0.1
PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter.
network
low complexity
comscripts CWE-94
7.5
2009-03-30 CVE-2008-6543 Code Injection vulnerability in Comscripts Quick Classifieds 1.0
Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, and (5) classifieds/view.php3; (6) index.php3, (7) manager.php3, (8) pass.php3, (9) remember.php3, (10) sign-up.php3, (11) update.php3, (12) userSet.php3, and (13) verify.php3 in controlcenter/; (14) alterCats.php3, (15) alterFeatured.php3, (16) alterHomepage.php3, (17) alterNews.php3, (18) alterTheme.php3, (19) color_help.php3, (20) createdb.php3, (21) createFeatured.php3, (22) createHomepage.php3, (23) createL.php3, (24) createM.php3, (25) createNews.php3, (26) createP.php3, (27) createS.php3, (28) createT.php3, (29) index.php3, (30) mailadmin.php3, and (31) setUp.php3 in controlpannel/; (32) include/sendit.php3 and (33) include/sendit2.php3; and possibly (34) include/adminHead.inc, (35) include/usersHead.inc, and (36) style/default.scheme.inc.
network
low complexity
comscripts CWE-94
7.5
2007-09-18 CVE-2007-4937 Permissions, Privileges, and Access Controls vulnerability in Comscripts CS Guestbook
CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php.
network
low complexity
comscripts CWE-264
5.0
2007-03-02 CVE-2007-1144 Path Traversal vulnerability in Comscripts J-Web Pics Navigator 1.0/2.0
Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a ..
network
low complexity
comscripts CWE-22
5.0
2007-01-19 CVE-2007-0361 Remote File Include vulnerability in Comscripts PHPmyphorum 1.5A
PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.
network
low complexity
comscripts
7.5
2006-09-13 CVE-2006-4754 Multiple vulnerabilities in Comscripts PHProg 1.0
Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call.
network
comscripts
6.8