MidnightBSD

Advisories for accomplishtechnology

CVE-2005-0896 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
accomplishtechnology phpmydirectory 10.1.3
CVE-2006-2521 HIGH

PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
accomplishtechnology phpmydirectory 1.2.0
accomplishtechnology phpmydirectory 1.0.4
accomplishtechnology phpmydirectory 1.1.3
accomplishtechnology phpmydirectory 1.4.0
accomplishtechnology phpmydirectory 1.3.5
accomplishtechnology phpmydirectory 1.0.6
accomplishtechnology phpmydirectory 1.3.2
accomplishtechnology phpmydirectory 10.1.3
accomplishtechnology phpmydirectory 1.0.7
accomplishtechnology phpmydirectory 1.0.1
accomplishtechnology phpmydirectory 1.1.6
accomplishtechnology phpmydirectory 1.0.3
accomplishtechnology phpmydirectory 1.1.8
accomplishtechnology phpmydirectory 1.1.7
accomplishtechnology phpmydirectory 1.1.9
accomplishtechnology phpmydirectory 1.0
accomplishtechnology phpmydirectory 1.0.9
accomplishtechnology phpmydirectory *
accomplishtechnology phpmydirectory 1.1.2
accomplishtechnology phpmydirectory 1.1.5
accomplishtechnology phpmydirectory 1.2.1
accomplishtechnology phpmydirectory 1.3.3
accomplishtechnology phpmydirectory 1.0.5
accomplishtechnology phpmydirectory 1.1.0
accomplishtechnology phpmydirectory 1.0.2
accomplishtechnology phpmydirectory 1.0.8
accomplishtechnology phpmydirectory 1.4.1
accomplishtechnology phpmydirectory 1.1.4
accomplishtechnology phpmydirectory 1.3.0
accomplishtechnology phpmydirectory 1.1.1
accomplishtechnology phpmydirectory 1.3.4
accomplishtechnology phpmydirectory 1.3.1
CVE-2006-3138 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
accomplishtechnology phpmydirectory 1.2.0
accomplishtechnology phpmydirectory 1.0.4
accomplishtechnology phpmydirectory 1.1.3
accomplishtechnology phpmydirectory 1.4.0
accomplishtechnology phpmydirectory 1.3.5
accomplishtechnology phpmydirectory 1.0.6
accomplishtechnology phpmydirectory 1.3.2
accomplishtechnology phpmydirectory 10.1.3
accomplishtechnology phpmydirectory 1.0.7
accomplishtechnology phpmydirectory 1.0.1
accomplishtechnology phpmydirectory 1.1.6
accomplishtechnology phpmydirectory 1.0.3
accomplishtechnology phpmydirectory 1.1.8
accomplishtechnology phpmydirectory 1.1.7
accomplishtechnology phpmydirectory 1.1.9
accomplishtechnology phpmydirectory 1.0
accomplishtechnology phpmydirectory 1.0.9
accomplishtechnology phpmydirectory *
accomplishtechnology phpmydirectory 1.1.2
accomplishtechnology phpmydirectory 1.1.5
accomplishtechnology phpmydirectory 1.2.1
accomplishtechnology phpmydirectory 1.3.3
accomplishtechnology phpmydirectory 1.0.5
accomplishtechnology phpmydirectory 1.1.0
accomplishtechnology phpmydirectory 1.0.2
accomplishtechnology phpmydirectory 10.4.4
accomplishtechnology phpmydirectory 1.0.8
accomplishtechnology phpmydirectory 1.4.1
accomplishtechnology phpmydirectory 1.1.4
accomplishtechnology phpmydirectory 1.3.0
accomplishtechnology phpmydirectory 1.1.1
accomplishtechnology phpmydirectory 1.3.4
accomplishtechnology phpmydirectory 1.3.1