Vulnerabilities > Linpha > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-12-12 CVE-2014-7265 Cross-Site Scripting vulnerability in Linpha
Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
linpha CWE-79
4.3
2011-09-23 CVE-2011-3753 Information Exposure vulnerability in Linpha 1.3.4
LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files.
network
low complexity
linpha CWE-200
5.0
2009-09-14 CVE-2008-7223 Cross-Site Scripting vulnerability in Linpha
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php.
network
linpha CWE-79
4.3
2009-03-31 CVE-2008-6571 Cross-Site Scripting vulnerability in Linpha
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.
network
linpha CWE-79
4.3
2008-04-16 CVE-2008-1856 Improper Input Validation vulnerability in Linpha
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
network
high complexity
linpha CWE-20
5.1
2008-03-24 CVE-2008-1487 Cross-Site Scripting vulnerability in Linpha
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, and (5) plugins/stats/stats_view.php.
network
linpha CWE-79
4.3
2006-04-20 CVE-2006-1924 Input Validation vulnerability in Linpha 1.0/1.1.0
SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
network
low complexity
linpha
6.4
2006-04-20 CVE-2006-1923 Input Validation vulnerability in Linpha 1.0/1.1.0
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors.
network
linpha
5.8
2006-02-15 CVE-2006-0713 Local File Inclusion and PHP Code Injection vulnerability in LinPHA
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via ..
network
low complexity
linpha
5.0