Vulnerabilities > Gianluca Baldo

Date: 2006-08-05
CVE: CVE-2006-3984
Title: Remote File Include vulnerability in PHPAuction PHPAds_Path Variable
Description: PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter.
Access: network, low complexity
Tags: gianluca-baldo, phpadsnew
Risk: 7.5

Date: 2005-07-13
CVE: CVE-2005-2255
Title: Directory Traversal vulnerability in Gianluca Baldo PHPauction 2.5
Description: Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.
Access: network, low complexity
Tags: gianluca-baldo
Risk: 6.4

Date: 2005-07-13
CVE: CVE-2005-2254
Title: Cross-Site Scripting vulnerability in Gianluca Baldo PHPauction 2.5
Description: Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php.
Risk: 4.3

Date: 2005-07-13
CVE: CVE-2005-2253
Title: SQL-Injection vulnerability in Gianluca Baldo PHPauction 2.5
Description: SQL injection vulnerability in PhpAuction 2.5 allows remote attackers to modify SQL queries via the category parameter to adsearch.php.
Access: network, low complexity
Tags: gianluca-baldo
Risk: 7.5

Date: 2005-07-13
CVE: CVE-2005-2252
Title: Security Bypass vulnerability in Gianluca Baldo PHPauction 2.5
Description: PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.
Access: network, low complexity
Tags: gianluca-baldo
Risk: 7.5

Date: 2002-10-04
CVE: CVE-2002-0995
Title: Unspecified vulnerability in Gianluca Baldo PHPauction
Description: login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.
Access: network, low complexity
Tags: gianluca-baldo
Risk: 7.5