DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-10-01 | CVE-2012-5228 | Cross-Site Scripting vulnerability in Tincan PHPlist | Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. | 4.3 |
2011-04-13 | CVE-2011-1682 | Cross-Site Request Forgery (CSRF) vulnerability in Tincan PHPlist | Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. | 4.3 |
2011-04-13 | CVE-2011-0748 | Cross-Site Request Forgery (CSRF) vulnerability in Tincan PHPlist | Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts. | 6.8 |
2009-02-05 | CVE-2009-0422 | Code Injection vulnerability in Tincan PHPlist | Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php. | 7.5 |
2009-01-12 | CVE-2008-5887 | Improper Input Validation vulnerability in Tincan PHPlist | phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." | 5.0 |
2006-10-17 | CVE-2006-5322 | SQL-Injection vulnerability in PHPlist | Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-10-17 | CVE-2006-5321 | Unspecified vulnerability in Tincan PHPlist | Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2006-10-16 | CVE-2006-5294 | Unspecified vulnerability in Tincan PHPlist | Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter. | 4.3 |
2006-04-12 | CVE-2006-1746 | Path Traversal vulnerability in Tincan PHPlist | Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. | 5.0 |
2005-11-16 | CVE-2005-3557 | Input Validation vulnerability in PHPList | Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. | 5.0 |