pixelpost

Top products

The 15 most recently published vulnerabilities affecting pixelpost.

• CVE-2010-3305Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.8.8Nov 12, 2019
• CVE-2009-4900pixelpost 1.7.1 has XSS6.1Oct 28, 2019
• CVE-2009-4899pixelpost 1.7.1 has SQL injection9.8Oct 28, 2019
• CVE-2018-0606SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.7.2Jun 26, 2018
• CVE-2018-0605Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.6.1Jun 26, 2018
• CVE-2018-0604Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors.7.2Jun 26, 2018
• CVE-2011-3792Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/fun...5.0Sep 24, 2011
• CVE-2011-1100Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) sele...6.5Feb 25, 2011
• CVE-2008-3365Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot do...6.8Jul 30, 2008
• CVE-2008-0358SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter.6.8Jan 18, 2008
• CVE-2006-2891Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter.2.6Jun 7, 2006
• CVE-2006-2890Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] param...5.1Jun 7, 2006
• CVE-2006-2889Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, v...5.1Jun 7, 2006
• CVE-2006-1106Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email par...4.3Mar 9, 2006
• CVE-2006-1105Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has di...5.0Mar 9, 2006