Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
22 vulnerabilities by dynpg
CVE-2020-27406 (GCVE-0-2020-27406)
Vulnerability from cvelistv5 – Published: 2021-11-02 10:11 – Updated: 2024-08-04 16:18
VLAI
Summary
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://dynpg.com | x_refsource_MISC |
| https://www.exploit-db.com/exploits/48865 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:43.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dynpg.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/48865"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T10:11:44.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dynpg.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/48865"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dynpg.com",
"refsource": "MISC",
"url": "http://dynpg.com"
},
{
"name": "https://www.exploit-db.com/exploits/48865",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/48865"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27406",
"datePublished": "2021-11-02T10:11:44.000Z",
"dateReserved": "2020-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:18:43.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27526 (GCVE-0-2021-27526)
Vulnerability from cvelistv5 – Published: 2021-03-23 13:21 – Updated: 2024-08-03 21:26
VLAI
Summary
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/xoffense/POC/blob/main/DynPG%2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20page%20parameter"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"page\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T13:21:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20page%20parameter"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"page\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20page%20parameter",
"refsource": "MISC",
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20page%20parameter"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27526",
"datePublished": "2021-03-23T13:21:55.000Z",
"dateReserved": "2021-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:09.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27527 (GCVE-0-2021-27527)
Vulnerability from cvelistv5 – Published: 2021-03-23 13:20 – Updated: 2024-08-03 21:26
VLAI
Summary
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/xoffense/POC/blob/main/DynPG%2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20valueID%20parameter"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"valueID\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T13:20:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20valueID%20parameter"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"valueID\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20valueID%20parameter",
"refsource": "MISC",
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20valueID%20parameter"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27527",
"datePublished": "2021-03-23T13:20:45.000Z",
"dateReserved": "2021-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:10.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27530 (GCVE-0-2021-27530)
Vulnerability from cvelistv5 – Published: 2021-03-23 13:19 – Updated: 2024-08-03 21:26
VLAI
Summary
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/xoffense/POC/blob/main/DynPG%2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20index.php%20URI"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T13:19:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20index.php%20URI"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20index.php%20URI",
"refsource": "MISC",
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20index.php%20URI"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27530",
"datePublished": "2021-03-23T13:19:50.000Z",
"dateReserved": "2021-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:09.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27528 (GCVE-0-2021-27528)
Vulnerability from cvelistv5 – Published: 2021-03-23 13:18 – Updated: 2024-08-03 21:26
VLAI
Summary
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/xoffense/POC/blob/main/DynPG%2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20refID%20parameter"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"refID\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T13:18:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20refID%20parameter"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"refID\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20refID%20parameter",
"refsource": "MISC",
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20refID%20parameter"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27528",
"datePublished": "2021-03-23T13:18:20.000Z",
"dateReserved": "2021-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:09.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27531 (GCVE-0-2021-27531)
Vulnerability from cvelistv5 – Published: 2021-03-23 13:16 – Updated: 2024-08-03 21:26
VLAI
Summary
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/xoffense/POC/blob/main/DynPG%2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20query%20parameter"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"query\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T13:16:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20query%20parameter"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"query\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20query%20parameter",
"refsource": "MISC",
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20query%20parameter"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27531",
"datePublished": "2021-03-23T13:16:55.000Z",
"dateReserved": "2021-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:10.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27529 (GCVE-0-2021-27529)
Vulnerability from cvelistv5 – Published: 2021-03-23 13:15 – Updated: 2024-08-03 21:26
VLAI
Summary
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/xoffense/POC/blob/main/DynPG%2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20limit%20parameter"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"limit\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T13:15:46.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20limit%20parameter"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"limit\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20limit%20parameter",
"refsource": "MISC",
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20limit%20parameter"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27529",
"datePublished": "2021-03-23T13:15:46.000Z",
"dateReserved": "2021-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:09.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4399 (GCVE-0-2010-4399)
Vulnerability from cvelistv5 – Published: 2010-12-04 23:00 – Updated: 2024-09-16 18:08
VLAI
Summary
Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.dynpg.org/cms-freeware_en.php?t=DynPG+… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/45115 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/42380 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/69539 | vdb-entryx_refsource_OSVDB |
| http://packetstormsecurity.org/files/view/96230/d… | x_refsource_MISC |
| http://www.htbridge.ch/advisory/lfi_in_dynpg.html | x_refsource_MISC |
| http://www.exploit-db.com/exploits/15646 | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"name": "45115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45115"
},
{
"name": "42380",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42380"
},
{
"name": "69539",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69539"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/lfi_in_dynpg.html"
},
{
"name": "15646",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-04T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"name": "45115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45115"
},
{
"name": "42380",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42380"
},
{
"name": "69539",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69539"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/lfi_in_dynpg.html"
},
{
"name": "15646",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226",
"refsource": "CONFIRM",
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"name": "45115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45115"
},
{
"name": "42380",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42380"
},
{
"name": "69539",
"refsource": "OSVDB",
"url": "http://osvdb.org/69539"
},
{
"name": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"name": "http://www.htbridge.ch/advisory/lfi_in_dynpg.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/lfi_in_dynpg.html"
},
{
"name": "15646",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4399",
"datePublished": "2010-12-04T23:00:00.000Z",
"dateReserved": "2010-12-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:08:58.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4401 (GCVE-0-2010-4401)
Vulnerability from cvelistv5 – Published: 2010-12-04 23:00 – Updated: 2024-08-07 03:43
VLAI
Summary
languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.dynpg.org/cms-freeware_en.php?t=DynPG+… | x_refsource_CONFIRM |
| http://packetstormsecurity.org/files/view/96230/d… | x_refsource_MISC |
| http://www.htbridge.ch/advisory/path_disclosure_i… | x_refsource_MISC |
| http://www.exploit-db.com/exploits/15646 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/69632 | vdb-entryx_refsource_OSVDB |
Date Public
2010-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/path_disclosure_in_dynpg.html"
},
{
"name": "15646",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15646"
},
{
"name": "69632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69632"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-10T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/path_disclosure_in_dynpg.html"
},
{
"name": "15646",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15646"
},
{
"name": "69632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69632"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226",
"refsource": "CONFIRM",
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"name": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"name": "http://www.htbridge.ch/advisory/path_disclosure_in_dynpg.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/path_disclosure_in_dynpg.html"
},
{
"name": "15646",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15646"
},
{
"name": "69632",
"refsource": "OSVDB",
"url": "http://osvdb.org/69632"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4401",
"datePublished": "2010-12-04T23:00:00.000Z",
"dateReserved": "2010-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:43:14.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4400 (GCVE-0-2010-4400)
Vulnerability from cvelistv5 – Published: 2010-12-04 23:00 – Updated: 2024-08-07 03:43
VLAI
Summary
SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.dynpg.org/cms-freeware_en.php?t=DynPG+… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/45115 | vdb-entryx_refsource_BID |
| http://packetstormsecurity.org/files/view/96230/d… | x_refsource_MISC |
| http://www.htbridge.ch/advisory/sql_injection_in_… | x_refsource_MISC |
| http://osvdb.org/69631 | vdb-entryx_refsource_OSVDB |
| http://www.exploit-db.com/exploits/15646 | exploitx_refsource_EXPLOIT-DB |
Date Public
2010-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"name": "45115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html"
},
{
"name": "69631",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69631"
},
{
"name": "15646",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-10T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"name": "45115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html"
},
{
"name": "69631",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69631"
},
{
"name": "15646",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226",
"refsource": "CONFIRM",
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"name": "45115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45115"
},
{
"name": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"name": "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html"
},
{
"name": "69631",
"refsource": "OSVDB",
"url": "http://osvdb.org/69631"
},
{
"name": "15646",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4400",
"datePublished": "2010-12-04T23:00:00.000Z",
"dateReserved": "2010-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:43:14.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1299 (GCVE-0-2010-1299)
Vulnerability from cvelistv5 – Published: 2010-04-07 18:00 – Updated: 2024-08-07 01:21
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/11994 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/39185 | third-party-advisoryx_refsource_SECUNIA |
| http://www.dynpg.org/cms-freeware.php?t=DynPG-Upd… | x_refsource_CONFIRM |
| http://packetstormsecurity.org/1004-exploits/dynp… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/510477/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/39168 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/63415 | vdb-entryx_refsource_OSVDB |
Date Public
2010-04-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11994",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/11994"
},
{
"name": "39185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39185"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dynpg.org/cms-freeware.php?t=DynPG-Update+4.1.1+noch+einfacher+und+sicherer%21\u0026read_article=169"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1004-exploits/dynpgcms-rfi.txt"
},
{
"name": "20100401 DynPG CMS v4.1.0 Multiple Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/510477/100/0/threaded"
},
{
"name": "dynphcms-popup-file-include(57491)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57491"
},
{
"name": "39168",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39168"
},
{
"name": "dynphcms-guestbookaction-file-include(57490)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57490"
},
{
"name": "63415",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63415"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11994",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/11994"
},
{
"name": "39185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39185"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dynpg.org/cms-freeware.php?t=DynPG-Update+4.1.1+noch+einfacher+und+sicherer%21\u0026read_article=169"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1004-exploits/dynpgcms-rfi.txt"
},
{
"name": "20100401 DynPG CMS v4.1.0 Multiple Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/510477/100/0/threaded"
},
{
"name": "dynphcms-popup-file-include(57491)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57491"
},
{
"name": "39168",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39168"
},
{
"name": "dynphcms-guestbookaction-file-include(57490)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57490"
},
{
"name": "63415",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63415"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11994",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11994"
},
{
"name": "39185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39185"
},
{
"name": "http://www.dynpg.org/cms-freeware.php?t=DynPG-Update+4.1.1+noch+einfacher+und+sicherer!\u0026read_article=169",
"refsource": "CONFIRM",
"url": "http://www.dynpg.org/cms-freeware.php?t=DynPG-Update+4.1.1+noch+einfacher+und+sicherer!\u0026read_article=169"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/dynpgcms-rfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/dynpgcms-rfi.txt"
},
{
"name": "20100401 DynPG CMS v4.1.0 Multiple Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510477/100/0/threaded"
},
{
"name": "dynphcms-popup-file-include(57491)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57491"
},
{
"name": "39168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39168"
},
{
"name": "dynphcms-guestbookaction-file-include(57490)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57490"
},
{
"name": "63415",
"refsource": "OSVDB",
"url": "http://osvdb.org/63415"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1299",
"datePublished": "2010-04-07T18:00:00.000Z",
"dateReserved": "2010-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:21:18.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27406 (GCVE-0-2020-27406)
Vulnerability from nvd – Published: 2021-11-02 10:11 – Updated: 2024-08-04 16:18
VLAI
Summary
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://dynpg.com | x_refsource_MISC |
| https://www.exploit-db.com/exploits/48865 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:43.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dynpg.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/48865"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T10:11:44.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dynpg.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/48865"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dynpg.com",
"refsource": "MISC",
"url": "http://dynpg.com"
},
{
"name": "https://www.exploit-db.com/exploits/48865",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/48865"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27406",
"datePublished": "2021-11-02T10:11:44.000Z",
"dateReserved": "2020-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:18:43.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27526 (GCVE-0-2021-27526)
Vulnerability from nvd – Published: 2021-03-23 13:21 – Updated: 2024-08-03 21:26
VLAI
Summary
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/xoffense/POC/blob/main/DynPG%2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20page%20parameter"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"page\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T13:21:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20page%20parameter"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"page\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20page%20parameter",
"refsource": "MISC",
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20page%20parameter"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27526",
"datePublished": "2021-03-23T13:21:55.000Z",
"dateReserved": "2021-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:09.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27527 (GCVE-0-2021-27527)
Vulnerability from nvd – Published: 2021-03-23 13:20 – Updated: 2024-08-03 21:26
VLAI
Summary
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/xoffense/POC/blob/main/DynPG%2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20valueID%20parameter"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"valueID\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T13:20:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20valueID%20parameter"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"valueID\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20valueID%20parameter",
"refsource": "MISC",
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20valueID%20parameter"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27527",
"datePublished": "2021-03-23T13:20:45.000Z",
"dateReserved": "2021-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:10.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27530 (GCVE-0-2021-27530)
Vulnerability from nvd – Published: 2021-03-23 13:19 – Updated: 2024-08-03 21:26
VLAI
Summary
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/xoffense/POC/blob/main/DynPG%2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20index.php%20URI"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T13:19:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20index.php%20URI"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20index.php%20URI",
"refsource": "MISC",
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20index.php%20URI"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27530",
"datePublished": "2021-03-23T13:19:50.000Z",
"dateReserved": "2021-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:09.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27528 (GCVE-0-2021-27528)
Vulnerability from nvd – Published: 2021-03-23 13:18 – Updated: 2024-08-03 21:26
VLAI
Summary
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/xoffense/POC/blob/main/DynPG%2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20refID%20parameter"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"refID\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T13:18:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20refID%20parameter"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"refID\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20refID%20parameter",
"refsource": "MISC",
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20refID%20parameter"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27528",
"datePublished": "2021-03-23T13:18:20.000Z",
"dateReserved": "2021-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:09.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27531 (GCVE-0-2021-27531)
Vulnerability from nvd – Published: 2021-03-23 13:16 – Updated: 2024-08-03 21:26
VLAI
Summary
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/xoffense/POC/blob/main/DynPG%2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20query%20parameter"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"query\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T13:16:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20query%20parameter"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"query\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20query%20parameter",
"refsource": "MISC",
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20query%20parameter"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27531",
"datePublished": "2021-03-23T13:16:55.000Z",
"dateReserved": "2021-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:10.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27529 (GCVE-0-2021-27529)
Vulnerability from nvd – Published: 2021-03-23 13:15 – Updated: 2024-08-03 21:26
VLAI
Summary
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/xoffense/POC/blob/main/DynPG%2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20limit%20parameter"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"limit\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T13:15:46.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20limit%20parameter"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the \"limit\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20limit%20parameter",
"refsource": "MISC",
"url": "https://github.com/xoffense/POC/blob/main/DynPG%204.9.2%20XSS%20via%20limit%20parameter"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27529",
"datePublished": "2021-03-23T13:15:46.000Z",
"dateReserved": "2021-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:09.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4401 (GCVE-0-2010-4401)
Vulnerability from nvd – Published: 2010-12-04 23:00 – Updated: 2024-08-07 03:43
VLAI
Summary
languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.dynpg.org/cms-freeware_en.php?t=DynPG+… | x_refsource_CONFIRM |
| http://packetstormsecurity.org/files/view/96230/d… | x_refsource_MISC |
| http://www.htbridge.ch/advisory/path_disclosure_i… | x_refsource_MISC |
| http://www.exploit-db.com/exploits/15646 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/69632 | vdb-entryx_refsource_OSVDB |
Date Public
2010-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/path_disclosure_in_dynpg.html"
},
{
"name": "15646",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15646"
},
{
"name": "69632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69632"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-10T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/path_disclosure_in_dynpg.html"
},
{
"name": "15646",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15646"
},
{
"name": "69632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69632"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226",
"refsource": "CONFIRM",
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"name": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"name": "http://www.htbridge.ch/advisory/path_disclosure_in_dynpg.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/path_disclosure_in_dynpg.html"
},
{
"name": "15646",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15646"
},
{
"name": "69632",
"refsource": "OSVDB",
"url": "http://osvdb.org/69632"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4401",
"datePublished": "2010-12-04T23:00:00.000Z",
"dateReserved": "2010-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:43:14.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4400 (GCVE-0-2010-4400)
Vulnerability from nvd – Published: 2010-12-04 23:00 – Updated: 2024-08-07 03:43
VLAI
Summary
SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.dynpg.org/cms-freeware_en.php?t=DynPG+… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/45115 | vdb-entryx_refsource_BID |
| http://packetstormsecurity.org/files/view/96230/d… | x_refsource_MISC |
| http://www.htbridge.ch/advisory/sql_injection_in_… | x_refsource_MISC |
| http://osvdb.org/69631 | vdb-entryx_refsource_OSVDB |
| http://www.exploit-db.com/exploits/15646 | exploitx_refsource_EXPLOIT-DB |
Date Public
2010-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"name": "45115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html"
},
{
"name": "69631",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69631"
},
{
"name": "15646",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-10T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"name": "45115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html"
},
{
"name": "69631",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69631"
},
{
"name": "15646",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226",
"refsource": "CONFIRM",
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"name": "45115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45115"
},
{
"name": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"name": "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html"
},
{
"name": "69631",
"refsource": "OSVDB",
"url": "http://osvdb.org/69631"
},
{
"name": "15646",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4400",
"datePublished": "2010-12-04T23:00:00.000Z",
"dateReserved": "2010-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:43:14.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4399 (GCVE-0-2010-4399)
Vulnerability from nvd – Published: 2010-12-04 23:00 – Updated: 2024-09-16 18:08
VLAI
Summary
Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.dynpg.org/cms-freeware_en.php?t=DynPG+… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/45115 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/42380 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/69539 | vdb-entryx_refsource_OSVDB |
| http://packetstormsecurity.org/files/view/96230/d… | x_refsource_MISC |
| http://www.htbridge.ch/advisory/lfi_in_dynpg.html | x_refsource_MISC |
| http://www.exploit-db.com/exploits/15646 | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"name": "45115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45115"
},
{
"name": "42380",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42380"
},
{
"name": "69539",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69539"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/lfi_in_dynpg.html"
},
{
"name": "15646",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-04T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"name": "45115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45115"
},
{
"name": "42380",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42380"
},
{
"name": "69539",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69539"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/lfi_in_dynpg.html"
},
{
"name": "15646",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226",
"refsource": "CONFIRM",
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update\u0026read_article=226"
},
{
"name": "45115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45115"
},
{
"name": "42380",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42380"
},
{
"name": "69539",
"refsource": "OSVDB",
"url": "http://osvdb.org/69539"
},
{
"name": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"name": "http://www.htbridge.ch/advisory/lfi_in_dynpg.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/lfi_in_dynpg.html"
},
{
"name": "15646",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4399",
"datePublished": "2010-12-04T23:00:00.000Z",
"dateReserved": "2010-12-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:08:58.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1299 (GCVE-0-2010-1299)
Vulnerability from nvd – Published: 2010-04-07 18:00 – Updated: 2024-08-07 01:21
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/11994 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/39185 | third-party-advisoryx_refsource_SECUNIA |
| http://www.dynpg.org/cms-freeware.php?t=DynPG-Upd… | x_refsource_CONFIRM |
| http://packetstormsecurity.org/1004-exploits/dynp… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/510477/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/39168 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/63415 | vdb-entryx_refsource_OSVDB |
Date Public
2010-04-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11994",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/11994"
},
{
"name": "39185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39185"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dynpg.org/cms-freeware.php?t=DynPG-Update+4.1.1+noch+einfacher+und+sicherer%21\u0026read_article=169"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1004-exploits/dynpgcms-rfi.txt"
},
{
"name": "20100401 DynPG CMS v4.1.0 Multiple Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/510477/100/0/threaded"
},
{
"name": "dynphcms-popup-file-include(57491)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57491"
},
{
"name": "39168",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39168"
},
{
"name": "dynphcms-guestbookaction-file-include(57490)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57490"
},
{
"name": "63415",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63415"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11994",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/11994"
},
{
"name": "39185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39185"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dynpg.org/cms-freeware.php?t=DynPG-Update+4.1.1+noch+einfacher+und+sicherer%21\u0026read_article=169"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1004-exploits/dynpgcms-rfi.txt"
},
{
"name": "20100401 DynPG CMS v4.1.0 Multiple Remote File Inclusion Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/510477/100/0/threaded"
},
{
"name": "dynphcms-popup-file-include(57491)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57491"
},
{
"name": "39168",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39168"
},
{
"name": "dynphcms-guestbookaction-file-include(57490)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57490"
},
{
"name": "63415",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63415"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot parameter to plugins/DPGguestbook/guestbookaction.php and (3) get_popUpResource parameter to backendpopup/popup.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11994",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11994"
},
{
"name": "39185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39185"
},
{
"name": "http://www.dynpg.org/cms-freeware.php?t=DynPG-Update+4.1.1+noch+einfacher+und+sicherer!\u0026read_article=169",
"refsource": "CONFIRM",
"url": "http://www.dynpg.org/cms-freeware.php?t=DynPG-Update+4.1.1+noch+einfacher+und+sicherer!\u0026read_article=169"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/dynpgcms-rfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/dynpgcms-rfi.txt"
},
{
"name": "20100401 DynPG CMS v4.1.0 Multiple Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510477/100/0/threaded"
},
{
"name": "dynphcms-popup-file-include(57491)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57491"
},
{
"name": "39168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39168"
},
{
"name": "dynphcms-guestbookaction-file-include(57490)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57490"
},
{
"name": "63415",
"refsource": "OSVDB",
"url": "http://osvdb.org/63415"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1299",
"datePublished": "2010-04-07T18:00:00.000Z",
"dateReserved": "2010-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:21:18.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}