Vulnerabilities > Fuzzylime
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-23 | CVE-2009-2177 | Path Traversal vulnerability in Fuzzylime CMS 3.03A code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value. | 6.8 |
2009-06-23 | CVE-2009-2176 | Path Traversal vulnerability in Fuzzylime CMS 3.03A Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php. | 7.5 |
2009-06-22 | CVE-2008-6834 | Path Traversal vulnerability in Fuzzylime (Cms) 3.0.1/3.0.1A Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. | 10.0 |
2009-06-22 | CVE-2008-6833 | Path Traversal vulnerability in Fuzzylime (Cms) 3.0/3.0.1/3.0.1A Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. | 10.0 |
2008-12-01 | CVE-2008-5291 | Path Traversal vulnerability in Fuzzylime CMS 3.03 Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter, a different vector than CVE-2007-4805 and CVE-2008-3165. | 7.5 |
2008-09-24 | CVE-2008-3098 | Cross-Site Scripting vulnerability in Fuzzylime CMS Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form. | 4.3 |
2008-07-14 | CVE-2008-3165 | Path Traversal vulnerability in Fuzzylime CMS Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2008-07-14 | CVE-2008-3164 | Path Traversal vulnerability in Fuzzylime CMS 3.01 Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 7.6 |
2008-03-20 | CVE-2008-1405 | Code Injection vulnerability in Fuzzylime 3.01 PHP remote file inclusion vulnerability in code/display.php in fuzzylime (cms) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter. | 6.8 |
2007-09-11 | CVE-2007-4805 | Path Traversal vulnerability in Fuzzylime 3.0 Directory traversal vulnerability in getgalldata.php in fuzzylime (cms) 3.0 and earlier allows remote attackers to include arbitrary local files via a .. | 7.5 |