| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-4878 | 5.0 |
Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported t
|
17-10-2018 - 21:40 | 19-09-2006 - 21:07 | |
| CVE-2006-4877 | 5.0 |
Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1
|
17-10-2018 - 21:40 | 19-09-2006 - 21:07 | |
| CVE-2006-4879 | 7.5 |
SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
|
17-10-2018 - 21:40 | 19-09-2006 - 21:07 | |
| CVE-2006-4880 | 5.0 |
David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages.
|
17-10-2018 - 21:40 | 19-09-2006 - 21:07 | |
| CVE-2006-4881 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) drop
|
17-10-2018 - 21:40 | 19-09-2006 - 21:07 |