Vulnerabilities > Lightneasy

DATE CVE VULNERABILITY TITLE RISK
2011-10-04 CVE-2011-3978 Cross-Site Scripting vulnerability in Lightneasy 3.2.4
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page.
network
lightneasy CWE-79
3.5
2011-03-01 CVE-2010-4753 Cross-Site Scripting vulnerability in Lightneasy 3.2.1
Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message.
network
lightneasy CWE-79
4.3
2011-03-01 CVE-2010-4752 SQL Injection vulnerability in Lightneasy 3.2.1
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485.
network
lightneasy CWE-89
6.8
2011-03-01 CVE-2010-4751 SQL Injection vulnerability in Lightneasy 3.2.1
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485.
network
lightneasy CWE-89
6.0
2010-09-22 CVE-2010-3485 SQL Injection vulnerability in Lightneasy 3.2.1
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593.
network
low complexity
lightneasy CWE-89
7.5
2010-09-22 CVE-2010-3484 SQL Injection vulnerability in Lightneasy 3.2.1
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593.
network
low complexity
lightneasy CWE-89
7.5
2009-06-05 CVE-2009-1937 Cross-Site Scripting vulnerability in Lightneasy 2.2.1/2.2.2
Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 "no database" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemail (aka Email), and (3) commentmessage (aka Comment) parameters.
network
lightneasy CWE-79
4.3
2009-04-03 CVE-2008-6593 SQL Injection vulnerability in multiple products
SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.
network
low complexity
lightneasy sqlite CWE-89
7.5
2009-04-03 CVE-2008-6592 Path Traversal vulnerability in multiple products
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
network
low complexity
lightneasy sqlite CWE-22
7.5
2009-04-03 CVE-2008-6591 Code Injection vulnerability in Lightneasy 1.2.2
LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php.
network
low complexity
lightneasy CWE-94
5.0