Vulnerabilities > Linpha

DATE CVE VULNERABILITY TITLE RISK
2014-12-12 CVE-2014-7265 Cross-Site Scripting vulnerability in Linpha
Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
linpha CWE-79
4.3
2011-09-23 CVE-2011-3753 Information Exposure vulnerability in Linpha 1.3.4
LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files.
network
low complexity
linpha CWE-200
5.0
2009-09-14 CVE-2008-7223 Cross-Site Scripting vulnerability in Linpha
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php.
network
linpha CWE-79
4.3
2009-03-31 CVE-2008-6571 Cross-Site Scripting vulnerability in Linpha
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.
network
linpha CWE-79
4.3
2008-04-16 CVE-2008-1856 Improper Input Validation vulnerability in Linpha
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
network
high complexity
linpha CWE-20
5.1
2008-03-24 CVE-2008-1487 Cross-Site Scripting vulnerability in Linpha
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php.
network
linpha CWE-79
4.3
2007-07-30 CVE-2007-4053 SQL Injection vulnerability in LinPHA New_images.PHP
SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php.
network
low complexity
linpha
7.5
2006-04-20 CVE-2006-1924 Input Validation vulnerability in Linpha 1.0/1.1.0
SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
network
low complexity
linpha
6.4
2006-04-20 CVE-2006-1923 Input Validation vulnerability in Linpha 1.0/1.1.0
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors.
network
linpha
5.8
2006-04-19 CVE-2006-1848 Cross-Site Scripting vulnerability in Linpha 1.1.0
Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter.
network
high complexity
linpha
2.6