Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lifetype lifetype vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-6112
LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote malicious users to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php ...
Lifetype Lifetype 1.1.2
Lifetype Lifetype 1.0.4
Lifetype Lifetype 1.0.5
Lifetype Lifetype 1.1.0
Lifetype Lifetype 1.1.1
Lifetype Lifetype 1.0.2
Lifetype Lifetype 1.0.3
NA
CVE-2006-2857
SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote malicious users to execute arbitrary SQL commands via the articleId parameter in a ViewArticle action (viewarticleaction.class.php).
Lifetype Lifetype 1.0.2
Lifetype Lifetype 1.0.3
Lifetype Lifetype 1.0.4
1 EDB exploit
NA
CVE-2007-0979
Unspecified vulnerability in LifeType prior to 1.1.6, and 1.2 prior to 1.2-beta2, allows remote malicious users to obtain sensitive information (file contents) via a "crafted URL."
Lifetype Lifetype
NA
CVE-2008-2629
SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote malicious users to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.
Lifetype Lifetype
1 EDB exploit
NA
CVE-2006-3577
SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote malicious users to execute arbitrary SQL commands via the Date parameter in a Default op.
Lifetype Lifetype 1.0.5
1 EDB exploit
NA
CVE-2008-2196
Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.8 allows remote malicious users to inject arbitrary web script or HTML via the newBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178.
Lifetype Lifetype 1.2.8
1 EDB exploit
NA
CVE-2006-1808
Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote malicious users to inject arbitrary web script or HTML via the show parameter in a Template operation.
Lifetype Lifetype 1.0.3
1 EDB exploit
NA
CVE-2008-2178
Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.7 allows remote malicious users to inject arbitrary web script or HTML via the searchTerms parameter in an editArticleCategories operation (aka an admin category search).
Lifetype Lifetype 1.2.7
NA
CVE-2011-3751
LifeType 1.2.10 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/badbehavior/pluginbadbehavior.class.php.
Lifetype Lifetype 1.2.10
NA
CVE-2006-1809
index.php in Lifetype 1.0.3 allows remote malicious users to obtain sensitive information via an invalid show parameter, which reveals the path in an error message.
Lifetype Lifetype 1.0.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started