Vulnerabilities > Lightneasy

DATE CVE VULNERABILITY TITLE RISK
2009-04-03 CVE-2008-6590 Path Traversal vulnerability in multiple products
Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a ..
network
low complexity
lightneasy sqlite CWE-22
5.0
2009-04-03 CVE-2008-6589 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.
4.3
2009-03-30 CVE-2008-6537 Information Exposure vulnerability in Lightneasy 1.2
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.
network
low complexity
lightneasy CWE-200
5.0