Vulnerabilities > Webspell

DATE CVE VULNERABILITY TITLE RISK
2011-10-05 CVE-2010-4861 SQL Injection vulnerability in Webspell 4.2.1
SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
network
low complexity
webspell CWE-89
7.5
2009-06-04 CVE-2009-1912 Path Traversal vulnerability in Webspell
Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a ..
network
webspell CWE-22
6.8
2009-04-24 CVE-2009-1408 Cross-Site Scripting vulnerability in Webspell 4.2.0C
Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags.
network
webspell CWE-79
4.3
2008-03-24 CVE-2008-1481 Cross-Site Scripting vulnerability in Webspell 4.1.2
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter.
network
webspell CWE-79
4.3
2008-02-05 CVE-2008-0574 Cross-Site Scripting vulnerability in Webspell 4.01.02
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action.
network
webspell CWE-79
4.3
2008-02-05 CVE-2008-0575 Cross-Site Request Forgery (CSRF) vulnerability in Webspell 4.01.02
Cross-site request forgery (CSRF) vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action.
network
webspell CWE-352
4.3
2007-12-11 CVE-2007-6309 Cross-Site Scripting vulnerability in Webspell 4.1.2
Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action.
network
webspell CWE-79
4.3
2007-07-26 CVE-2007-4028 Local File Include vulnerability in Webspell 4.01.02
Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter.
network
low complexity
webspell
7.5
2007-04-30 CVE-2007-2368 Remote Security vulnerability in webSPELL
picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter.
network
low complexity
webspell
5.0
2007-04-30 CVE-2007-2369 Directory Traversal vulnerability in PHP
Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a ..
network
low complexity
php webspell
5.0