Jetbox Jetbox_cms
19 CVEs affecting Jetbox Jetbox_cms. Latest disclosed: 2009-02-19. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2008-6174 | | 2009-02-19 | Cross-site scripting (XSS) vulnerability in admin/postlister/index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the… | |
CVE-2008-4651 | | 2008-10-22 | Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to ad… | |
CVE-2007-2686 | | 2007-05-22 | Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter… | |
CVE-2007-2685 | | 2007-05-21 | Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login pa… | |
CVE-2007-2684 | | 2007-05-21 | Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (… | |
CVE-2007-2733 | | 2007-05-16 | Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vecto… | |
CVE-2007-2732 | | 2007-05-16 | Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to v… | |
CVE-2007-2731 | | 2007-05-16 | CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the su… | |
CVE-2007-1898 | | 2007-05-16 | formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject p… | |
CVE-2006-4740 | | 2006-09-13 | Jetbox CMS allows remote attackers to obtain sensitive information via a direct request for certain files, which reveal the path in an error message. | |
CVE-2006-4739 | | 2006-09-13 | Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the Origin… | |
CVE-2006-4738 | | 2006-09-13 | PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path para… | |
CVE-2006-4737 | | 2006-09-13 | SQL injection vulnerability in index.php in Jetbox CMS allows remote attackers to inject arbitrary web script or HTML via the item parameter. NOTE: The view v… | |
CVE-2006-4422 | | 2006-08-29 | PHP remote file inclusion vulnerability in includes/phpdig/libs/search_function.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary PHP code via… | |
CVE-2006-3586 | | 2006-08-08 | SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) v… | |
CVE-2006-3585 | | 2006-08-08 | Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login param… | |
CVE-2006-3584 | | 2006-08-08 | Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, w… | |
CVE-2006-3583 | | 2006-08-08 | Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section. | |
CVE-2006-2270 | | 2006-05-09 | PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_sc… |