MidnightBSD

Advisories for net_portal_dynamic_system

CVE-2005-1803 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sdv_infos.php, (4) the categories parameter to faq.php, (5) the lettre parameter to the glossaire module, (6) the title parameter to reviews.php, or (7) the image_subject parameter to reply.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
net_portal_dynamic_system net_portal_dynamic_system 5.0
CVE-2005-1804 HIGH

Multiple SQL injection vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) terme parameter in the glossaire module (glossaire.php) or (2) query parameter to links.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
net_portal_dynamic_system net_portal_dynamic_system 5.0
CVE-2006-2952 MEDIUM

Directory traversal vulnerability in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) Default_Theme parameter to header.php or (2) ModPath parameter to modules/cluster-paradise/cluster-E.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
net_portal_dynamic_system net_portal_dynamic_system *