Vulnerabilities > Savewebportal

DATE CVE VULNERABILITY TITLE RISK
2006-08-07 CVE-2006-4012 Remote File Include vulnerability in Savewebportal 3.4
Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php.
network
high complexity
savewebportal
5.1
2005-08-24 CVE-2005-2688 Cross-Site Scripting vulnerability in Savewebportal 3.4
Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields.
network
savewebportal
4.3
2005-08-24 CVE-2005-2687 Remote Security vulnerability in Savewebportal 3.4
PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php.
network
low complexity
savewebportal
7.5
2005-08-24 CVE-2005-2686 Directory Traversal vulnerability in Savewebportal 3.4
Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php.
network
low complexity
savewebportal
7.5
2005-08-24 CVE-2005-2685 Remote Security vulnerability in Savewebportal 3.4
SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter.
network
low complexity
savewebportal
7.5