Filtered by vendor Scriptsez
Subscribe
Total
23 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2232 | 1 Scriptsez | 1 Cute Guestbook | 2018-10-18 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook. | |||||
CVE-2007-0517 | 1 Scriptsez | 1 Random Php Quote | 2018-10-16 | 7.5 HIGH | N/A |
Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt. | |||||
CVE-2007-0518 | 1 Scriptsez | 1 Smart Php Subscriber | 2018-10-16 | 7.5 HIGH | N/A |
Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt. | |||||
CVE-2008-2116 | 1 Scriptsez | 1 Power Editor | 2018-10-11 | 4.4 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action. | |||||
CVE-2008-2115 | 1 Scriptsez | 1 Power Editor | 2018-10-11 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action. | |||||
CVE-2008-6090 | 1 Scriptsez | 1 Mini Hosting Panel | 2017-09-28 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in members.php in ScriptsEz Mini Hosting Panel allows remote attackers to read arbitrary local files via a .. (dot dot) in the dir parameter in a view action. | |||||
CVE-2008-5218 | 1 Scriptsez | 1 Freeze Greetings | 2017-09-28 | 5.0 MEDIUM | N/A |
ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords. | |||||
CVE-2008-6089 | 1 Scriptsez | 1 Easy Image Downloader | 2017-09-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in main.php in ScriptsEz Easy Image Downloader allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a download action. | |||||
CVE-2008-6112 | 1 Scriptsez | 1 Ez Ringtone Manager | 2017-09-28 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Ez Ringtone Manager allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a detail action to (1) main.php and (2) template.php in ringtones/. | |||||
CVE-2009-4682 | 1 Scriptsez | 1 Good\/bad Vote | 2017-09-18 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action. | |||||
CVE-2009-4683 | 1 Scriptsez | 1 Good\/bad Vote | 2017-09-18 | 7.5 HIGH | N/A |
Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-0983 | 1 Scriptsez | 1 Ez Album | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | |||||
CVE-2009-3601 | 1 Scriptsez | 1 Ultimate Poll | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez Ultimate Poll allows remote attackers to inject arbitrary web script or HTML via the clr parameter in a vote action. | |||||
CVE-2009-4364 | 1 Scriptsez | 1 Ez Blog | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-4365 | 1 Scriptsez | 1 Ez Blog | 2017-08-16 | 4.3 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action. | |||||
CVE-2009-4366 | 1 Scriptsez | 1 Ez Blog | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action. | |||||
CVE-2009-2551 | 1 Scriptsez | 1 Easy Image Downloader | 2017-08-16 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php. | |||||
CVE-2006-3004 | 1 Scriptsez | 1 Ez Ringtone Manager | 2017-07-19 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in player.php and (2) keyword parameter when performing a search. | |||||
CVE-2009-4317 | 1 Scriptsez | 1 Ez Cart | 2013-08-15 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Cart allows remote attackers to inject arbitrary web script or HTML via the sid parameter in a showcat action. | |||||
CVE-2009-4826 | 1 Scriptsez | 1 Mini Hosting Panel | 2010-05-23 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action. |