Vulnerabilities > Savewebportal > Savewebportal
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-07 | CVE-2006-4012 | Remote File Include vulnerability in Savewebportal 3.4 Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. | 5.1 |
2005-08-24 | CVE-2005-2688 | Cross-Site Scripting vulnerability in Savewebportal 3.4 Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields. network savewebportal | 4.3 |
2005-08-24 | CVE-2005-2687 | Remote Security vulnerability in Savewebportal 3.4 PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | 7.5 |
2005-08-24 | CVE-2005-2686 | Directory Traversal vulnerability in Savewebportal 3.4 Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | 7.5 |
2005-08-24 | CVE-2005-2685 | Remote Security vulnerability in Savewebportal 3.4 SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter. | 7.5 |