HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 and earlier allows remote attackers to inject arbitrary HTML headers via adclick.php and possibly other unspecified vectors.
Max CVSS
5.0
EPSS Score
0.32%
Published
2005-11-24
Updated
2016-10-18
Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php.
Max CVSS
7.5
EPSS Score
1.82%
Published
2005-11-17
Updated
2017-07-11
phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.
Max CVSS
5.0
EPSS Score
1.24%
Published
2005-11-17
Updated
2017-07-11
SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew and phpPgAds before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the clientid parameter.
Max CVSS
7.5
EPSS Score
0.65%
Published
2005-08-23
Updated
2017-07-11
Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds before 2.0.6 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) layerstyle parameter to adlayer.php or (2) language parameter to js-form.php.
Max CVSS
5.0
EPSS Score
0.93%
Published
2005-08-23
Updated
2017-07-11
5 vulnerabilities found