Vulnerabilities > Phlymail

DATE CVE VULNERABILITY TITLE RISK
2006-08-22 CVE-2006-4291 Remote File Include vulnerability in RETIRED: PHlyMail Lite Mod.Listmail.PHP
PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter.
network
high complexity
phlymail
5.1
2005-12-31 CVE-2005-4666 Input Validation vulnerability in Phlymail 3.02.00/3.02.01
Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors.
network
phlymail
4.3
2005-12-31 CVE-2005-4652 Input Validation vulnerability in Phlymail 3.02.01
SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
network
low complexity
phlymail
6.4
2005-08-17 CVE-2005-2606 Authentication Bypass vulnerability in Phlymail 3.02.00
Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and attack vectors.
network
low complexity
phlymail
7.5