Vulnerabilities > Reamday Enterprises
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-02 | CVE-2007-1142 | Cross-Site Scripting vulnerability in Reamday Enterprises Magic News Plus 1.0.2 Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php. | 4.3 |
2007-03-02 | CVE-2007-1141 | Code Injection vulnerability in Reamday Enterprises Magic News Plus 1.0.2 PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. | 7.5 |
2006-09-15 | CVE-2006-4823 | Remote File Include vulnerability in Reamday Enterprises Magic News Pro News_page.PHP PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter. | 7.5 |
2006-02-16 | CVE-2006-0724 | Variable Overwrite vulnerability in Reamday Enterprises Magic News Lite 1.2.3 profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized. | 2.6 |
2006-02-16 | CVE-2006-0723 | Code Injection vulnerability in Reamday Enterprises Magic News Lite 1.2.3 PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter. | 2.6 |
2006-02-16 | CVE-2006-0722 | Variable Overwrite vulnerability in Reamday Enterprises Magic Downloads 1.1.3 settings.php in Reamday Enterprises Magic Downloads 1.1.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized. | 2.6 |
2006-02-13 | CVE-2006-0673 | SQL Injection vulnerability in Reamday Enterprises Magic Calendar Lite 1.02 Multiple SQL injection vulnerabilities in cms/index.php in Magic Calendar Lite 1.02, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) $total_login and (2) $total_password parameter. | 7.5 |
2006-01-10 | CVE-2006-0157 | Unspecified vulnerability in Reamday Enterprises Magic News Plus 1.0.3 settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters. | 5.0 |