Raphael Huck

#11002de 53,638
25CVSS total
Vulnerabilidades · 4
Média
4
PT-2006-6015
6.8
2006-10-16
Noah · Noah'S Classifieds · CVE-2006-5293
**Name of the Vulnerable Software and Affected Versions** Noah's Classifieds versions 1.3 and earlier **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `frommethod` parameter in the index.php file. **Recommendations** For versions 1.3 and earlier, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the `frommethod` parameter in the index.php file to minimize the risk of exploitation.
PT-2006-3574
6.8
2006-05-30
Wikini · Wikini · CVE-2006-2652
**Name of the Vulnerable Software and Affected Versions** WikiNi versions 0.4.2 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script. This enables attackers to execute malicious scripts on the client-side. **Recommendations** For WikiNi versions 0.4.2 and earlier, update to a version later than 0.4.2 to resolve the issue.
PT-2006-3165
5.0
2006-05-04
Zenphoto · Zenphoto · CVE-2006-2186
**Name of the Vulnerable Software and Affected Versions** zenphoto versions 1.0.1 beta and earlier **Description** The issue allows remote attackers to obtain sensitive information via a direct request for the "/photos/themes/default/" and "/photos/themes/testing/" API Endpoints, which reveals the path in an error message. **Recommendations** For versions 1.0.1 beta and earlier, consider restricting access to the "/photos/themes/default/" and "/photos/themes/testing/" API Endpoints to minimize the risk of exploitation.
PT-2006-2341
6.4
2006-03-21
Noah · Noah'S Classifieds · CVE-2006-1332
**Name of the Vulnerable Software and Affected Versions** Noah's Classifieds versions 1.3 and earlier **Description** The issue allows remote attackers to obtain sensitive information. This is achieved by providing an invalid list parameter in the "showdetails" method to "index.php", which reveals the path in an error message. **Recommendations** For versions 1.3 and earlier, consider restricting access to the "showdetails" method in "index.php" to minimize the risk of exploitation. As a temporary workaround, avoid using the invalid list parameter in the "showdetails" method until a fix is available.