Vulnerabilities > H FJ

DATE CVE VULNERABILITY TITLE RISK
2015-05-25 CVE-2015-2945 Code Injection vulnerability in H-Fj Mt-PHPincgi
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015.
network
low complexity
h-fj CWE-94
7.5
2012-01-04 CVE-2007-6751 Cross-Site Scripting vulnerability in H-Fj Mailform Plugin 1.00/1.10
Cross-site scripting (XSS) vulnerability in the MailForm plugin before 1.20 for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
h-fj sixapart CWE-79
4.3