Vulnerabilities > Falcon

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2007-12-20 | CVE-2007-6490 | Cross-Site Request Forgery (CSRF) vulnerability in Falcon Series ONE CMS 1.4.3 | Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php. | network; falcon CWE-352; 4.3 |
| 2007-12-20 | CVE-2007-6489 | Cross-Site Scripting vulnerability in Falcon Series ONE CMS 1.4.3 | Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors. | network; low complexity; falcon; 7.5 |
| 2007-12-20 | CVE-2007-6488 | Improper Input Validation vulnerability in Falcon Series ONE CMS 1.4.3 | Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php. | network; falcon CWE-20; 6.8 |
| 1999-10-28 | CVE-1999-0882 | Unspecified vulnerability in Falcon web Server 1.0.0.1006 | Falcon web server allows remote attackers to determine the absolute path of the web root via long file names. | network; low complexity; falcon; 5.0 |