Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phplist phplist vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-4066
Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 prior to 5.x-1.2 and 6 prior to 6.x-1.1 for Drupal allow remote malicious users to hijack the authentication of arbitrary users via vectors related to ...
Drupal Drupal
Paul Beaney Phplist 5.x-1.x
Paul Beaney Phplist 6.x-1.x
Paul Beaney Phplist 6.x-1.0
Paul Beaney Phplist 5.x-1.0
Paul Beaney Phplist 5.x-1.1
NA
CVE-2008-6178
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote malicious users to execute arbitrary code by creating a file with PHP sequences preceded by...
Phplist Phplist 2.10.1
Fckeditor Fckeditor 2.4.3
Phplist Phplist 2.10.5
Phplist Phplist 2.10.4
Fckeditor Fckeditor 2.3beta
Fckeditor Fckeditor 2.0rc2
Fckeditor Fckeditor 2.0rc3
Fckeditor Fckeditor 2.2
Phplist Phplist 2.10.3
Phplist Phplist 2.10.2
Phplist Phplist 2.10.6
2 EDB exploits
NA
CVE-2009-0422
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and previous versions, when register_globals is disabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] paramet...
Tincan Phplist 2.7.2
Tincan Phplist 2.8.2
Tincan Phplist 2.10.6
Tincan Phplist 2.10.7
Tincan Phplist 2.6.0
Tincan Phplist 2.5.8
Tincan Phplist 2.5.0
Tincan Phplist 2.4.0
Tincan Phplist 2.2.1
Tincan Phplist 2.2.0
Tincan Phplist 1.9.1
Tincan Phplist 1.9.0
Tincan Phplist 2.8.12
Tincan Phplist 2.10.1
Tincan Phplist 2.8.7
Tincan Phplist 2.6.4
Tincan Phplist 2.5.7
Tincan Phplist 2.5.6
Tincan Phplist 2.3.4
Tincan Phplist 2.4.7
Tincan Phplist 2.1.4
Tincan Phplist 2.1.3
1 EDB exploit
NA
CVE-2008-5887
phplist prior to 2.10.8 allows remote malicious users to include files via unknown vectors, related to a "local file include vulnerability."
Tincan Phplist 2.6.5
Tincan Phplist 2.7.1
Tincan Phplist 2.10.4
Tincan Phplist 2.10.5
Tincan Phplist 2.6.3
Tincan Phplist 2.6.0
Tincan Phplist 2.5.1
Tincan Phplist 2.5.0
Tincan Phplist 2.3.0
Tincan Phplist 2.2.1
Tincan Phplist 1.9.2
Tincan Phplist 1.9.1
Tincan Phplist 1.6.0
Tincan Phplist 1.5.1
Tincan Phplist 1.1.5
Tincan Phplist 1.1.5b
Tincan Phplist 2.8.12
Tincan Phplist 2.10.1
Tincan Phplist 2.6.4
Tincan Phplist 2.6.2
Tincan Phplist 2.5.6
Tincan Phplist 2.5.5
NA
CVE-2006-5524
Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote malicious users to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321.
Phplist Phplist 2.10.2
1 EDB exploit
NA
CVE-2006-5322
Multiple SQL injection vulnerabilities in phplist prior to 2.10.3 allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Tincan Phplist 2.8.12
Tincan Phplist 2.9.3
Tincan Phplist 2.10.1
Tincan Phplist 2.9.4
Tincan Phplist 2.9.5
Tincan Phplist
NA
CVE-2006-5321
Multiple cross-site scripting (XSS) vulnerabilities in phplist prior to 2.10.3 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Tincan Phplist 2.10.1
Tincan Phplist 2.6.1
Tincan Phplist 2.6.3
Tincan Phplist 2.8.12
Tincan Phplist 2.8.7
Tincan Phplist 2.6.4
Tincan Phplist 2.6.5
Tincan Phplist 2.7.1
Tincan Phplist 2.7.2
Tincan Phplist 2.6
Tincan Phplist 2.6.2
Tincan Phplist 2.8.2
Tincan Phplist
NA
CVE-2006-5294
Cross-site scripting (XSS) vulnerability in index.php in phplist prior to 2.10.3 allows remote malicious users to inject arbitrary web script or HTML via the unsubscribeemail parameter.
Tincan Phplist 2.6.1
Tincan Phplist 2.6.2
Tincan Phplist 2.10.1
Tincan Phplist 2.6
Tincan Phplist 2.6.3
Tincan Phplist 2.6.4
Tincan Phplist 2.8.12
Tincan Phplist
1 EDB exploit
NA
CVE-2006-1746
Directory traversal vulnerability in PHPList 2.10.2 and previous versions allows remote malicious users to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable.
Tincan Phplist 2.6.1
Tincan Phplist 2.6.2
Tincan Phplist 2.8.2
Tincan Phplist 2.8.7
Tincan Phplist 2.10.1
Tincan Phplist 2.6
Tincan Phplist 2.7.2
Tincan Phplist 2.8.12
Tincan Phplist 2.6.5
Tincan Phplist 2.7.1
Tincan Phplist 2.6.3
Tincan Phplist 2.6.4
Tincan Phplist
NA
CVE-2005-3555
Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and previous versions allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page.
Tincan Phplist
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »