Vulnerabilities > Linpha > Linpha > 1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-09-14 | CVE-2008-7223 | Cross-Site Scripting vulnerability in Linpha Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php. | 4.3 |
| 2009-03-31 | CVE-2008-6571 | Cross-Site Scripting vulnerability in Linpha Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors. | 4.3 |
| 2008-04-16 | CVE-2008-1856 | Improper Input Validation vulnerability in Linpha plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration. | 5.1 |
| 2008-03-24 | CVE-2008-1487 | Cross-Site Scripting vulnerability in Linpha Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php. | 4.3 |
| 2006-04-20 | CVE-2006-1924 | Input Validation vulnerability in Linpha 1.0/1.1.0 SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 6.4 |
| 2006-04-20 | CVE-2006-1923 | Input Validation vulnerability in Linpha 1.0/1.1.0 Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors. network linpha | 5.8 |
| 2006-02-15 | CVE-2006-0713 | Local File Inclusion and PHP Code Injection vulnerability in LinPHA Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. | 5.0 |