Vulnerabilities > Salims Softhouse

DATE CVE VULNERABILITY TITLE RISK
2007-11-27 CVE-2007-6142 Cross-Site Scripting vulnerability in Salims Softhouse JAF CMS 4.0Rc2
Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to index.php and the (2) print parameter to print.php.
4.3
2007-03-06 CVE-2006-7128 Remote File Include vulnerability in Salims Softhouse JAF CMS 4.0
PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.
network
low complexity
salims-softhouse
7.5
2007-03-06 CVE-2006-7127 Code Injection vulnerability in Salims Softhouse JAF CMS 4.0
Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the main_dir parameter to (1) forum/main.php and (2) forum/headlines.php.
6.8
2006-10-03 CVE-2006-5131 Remote Security vulnerability in Salims Softhouse JAF CMS 4.0
module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "<?php" and "?>", possibly due to a static code injection vulnerability involving admin/data_inc.php.
network
low complexity
salims-softhouse
7.5
2006-10-03 CVE-2006-5130 Cross-Site Scripting vulnerability in Salims Softhouse JAF CMS 4.0
Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) url, (3) title, and (4) about parameters in a forum post.
6.8
2006-10-03 CVE-2006-5129 HTML-Injection vulnerability in Salims Softhouse JAF CMS 4.0
Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables.
6.8
2005-06-28 CVE-2005-2053 Information Disclosure vulnerability in JAF CMS
Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message.
network
low complexity
salims-softhouse
5.0
2004-12-31 CVE-2004-1505 Directory Traversal vulnerability in Salims Softhouse JAF CMS 3.0
Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a ..
network
low complexity
salims-softhouse
7.5
2004-12-31 CVE-2004-1504 Information Disclosure vulnerability in Salims Softhouse JAF CMS 3.0
The displaycontent function in config.php for Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php.
network
low complexity
salims-softhouse
5.0