Phpkobo

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-5313 1Phpkobo 1Ajax Poll Script Nov 21, 2024 Sep 30, 2023 N/A· v4 3.7 LOW· v3 5.0 MEDIUM· v2 A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation l...Show more A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation leads to improper enforcement of a single, unique action. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240949 was assigned to this vulnerability.Show less
CVE-2023-41450 1Phpkobo 1Ajaxnewsticker Nov 21, 2024 Sep 28, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
CVE-2023-41447 1Phpkobo 1Ajaxnewsticker Nov 21, 2024 Sep 28, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.
CVE-2023-41446 1Phpkobo 1Ajaxnewsticker Nov 21, 2024 Sep 28, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.
CVE-2023-41453 1Phpkobo 1Ajaxnewsticker Nov 21, 2024 Sep 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.
CVE-2023-41452 1Phpkobo 1Ajaxnewsticker Nov 21, 2024 Sep 27, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
CVE-2023-41451 1Phpkobo 1Ajaxnewsticker Nov 21, 2024 Sep 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
CVE-2023-41449 1Phpkobo 1Ajaxnewsticker Nov 21, 2024 Sep 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
CVE-2023-41448 1Phpkobo 1Ajaxnewsticker Nov 21, 2024 Sep 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.
CVE-2023-41445 1Phpkobo 1Ajaxnewsticker Nov 21, 2024 Sep 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component.
CVE-2010-1063 1Phpkobo 1Free Real Estate Contact Form Script Apr 29, 2026 Mar 23, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal s...Show more Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2) form/app/common.inc.php, and (3) staff/app/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2010-1062 1Phpkobo 1Free Real Estate Contact Form Script Apr 29, 2026 Mar 23, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a...Show more Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtained from third party information.Show less
CVE-2010-1061 1Phpkobo 1Short Url Apr 29, 2026 Mar 23, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG...Show more Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) url/app/common.inc.php and (2) codelib/cfg/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2010-1060 1Phpkobo 1Short Url Apr 29, 2026 Mar 23, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the L...Show more Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.Show less
CVE-2010-1059 1Phpkobo 1Address Book Script Apr 29, 2026 Mar 23, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory tra...Show more Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2010-1058 1Phpkobo 1Address Book Script Apr 29, 2026 Mar 23, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot d...Show more Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.Show less
CVE-2010-1057 1Phpkobo 1Adfreely Apr 29, 2026 Mar 23, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slas...Show more Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in (1) codelib/cfg/, (2) codelib/sys/, (3) staff/, and (4) staff/app/; and (5) staff/file.php. NOTE: some of these details are obtained from third party information.Show less