Vulnerabilities > Cutephp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-20 | CVE-2006-1925 | Cross-Site Scripting vulnerability in Cutephp Cutenews 1.4.1 Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. network cutephp | 4.3 |
| 2006-03-21 | CVE-2006-1340 | Local File Include vulnerability in CutePHP CuteNews CuteNews 1.4.1 and possibly other versions allows remote attackers to obtain the installation path via unspecified vectors involving an invalid file path. | 5.0 |
| 2006-03-21 | CVE-2006-1339 | Local File Include vulnerability in CutePHP CuteNews Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. | 5.0 |
| 2006-03-09 | CVE-2006-1121 | Cross-Site Scripting vulnerability in Cutephp Cutenews 1.4.1 Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php. network cutephp | 6.8 |
| 2006-02-25 | CVE-2006-0885 | Cross-Site Scripting vulnerability in Cutephp Cutenews 1.4.1 Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter. network cutephp | 4.3 |
| 2005-11-16 | CVE-2005-3592 | Remote Security vulnerability in CuteNews index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering an error message, such as by entering multiple ../ (dot dot slash) in the archive parameter. | 5.0 |
| 2005-11-06 | CVE-2005-3507 | Directory Traversal vulnerability in CutePHP CuteNews Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php. | 5.0 |
| 2005-09-21 | CVE-2005-3010 | Unspecified vulnerability in Cutephp Cutenews Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allows remote attackers to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php. | 7.5 |
| 2005-09-21 | CVE-2005-3009 | Cross-Site Scripting vulnerability in CuteNews Cross-site scripting (XSS) vulnerability in CuteNews allows remote attackers to inject arbitrary web script or HTML via the mod parameter to index.php. network cutephp | 4.3 |
| 2005-07-27 | CVE-2005-2394 | Remote Security vulnerability in Cutephp Cutenews 1.3.6 show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the full path of the server via an invalid archive parameter. | 5.0 |