IDCVSSSummaryLast (major) updatePublished
CVE-2009-2302 4.3
Cross-site scripting (XSS) vulnerability in index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action. NOTE: it was later reported that 5.2.1 is also aff
10-10-2018 - 19:39 02-07-2009 - 10:30
CVE-2009-2303 5.0
index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message.
10-10-2018 - 19:39 02-07-2009 - 10:30
CVE-2009-2304 5.0
index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote attackers to obtain sensitive information via a nonexistent account name in the u parameter in a rate action, which reveals the installation path in an error message.
10-10-2018 - 19:39 02-07-2009 - 10:30
CVE-2006-7026 6.8
PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vecto
11-10-2017 - 01:31 23-02-2007 - 03:28
Back to Top Mark selected
Back to Top