Shodan
Vulnerabilities
Vulnerable Software
Phppgads:  >> Phppgads  Security Vulnerabilities
CVE-2006-5515
Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface.
CVSS Score
4.3
EPSS Score
0.009
Published
2006-10-26
CVE-2006-1397
Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.
CVSS Score
4.3
EPSS Score
0.009
Published
2006-03-28
CVE-2005-3791
HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 and earlier allows remote attackers to inject arbitrary HTML headers via adclick.php and possibly other unspecified vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-11-24
CVE-2005-3645
phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.
CVSS Score
5.0
EPSS Score
0.02
Published
2005-11-17
CVE-2005-3646
Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php.
CVSS Score
7.5
EPSS Score
0.025
Published
2005-11-17
CVE-2005-2635
Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds before 2.0.6 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) layerstyle parameter to adlayer.php or (2) language parameter to js-form.php.
CVSS Score
5.0
EPSS Score
0.012
Published
2005-08-23
CVE-2005-2636
SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew and phpPgAds before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the clientid parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2005-08-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved