Vulnerabilities
Vulnerable Software
Php Arena:  >> Pafiledb  >> 3.1  Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-03-08
paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session.
CVSS Score
5.0
EPSS Score
0.007
Published
2005-01-10
Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2004-12-31
paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or (10) stats.php, which reveals the path in an error message.
CVSS Score
5.0
EPSS Score
0.003
Published
2004-04-27
Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a vulnerability that is closely related to CVE-2004-1551.
CVSS Score
4.3
EPSS Score
0.005
Published
2004-04-27


Contact Us

Shodan ® - All rights reserved