Grayscale BandSite CMS vulnerabilities
4 known vulnerabilities affecting grayscale/bandsite_cms.
Total CVEs: 4
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2006-3193 | P3 | MEDIUM | CVSS 5.1 | CWE-94 | PoC | v1.1.1 | 2006-06-23
Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php,
nvd
CVE-2006-4985 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | v1.1 | 2006-09-26
Multiple cross-site scripting (XSS) vulnerabilities in Grayscale BandSite CMS allow remote attackers to inject arbitrary web script or HTML via (1) the max_file_size_purdy parameter in adminpanel/includes/helpfiles/help_mp3.php, (2) the message_text parameter in adminpanel/includes/mailinglist/sendemail.php, (3) the this_year parameter in includes/foot
nvd
CVE-2006-4984 | P4 | HIGH | CVSS 7.5 | v1.1 | 2006-09-26
Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter in (1) adminpanel/includes/mailinglist/mlist_xls.php and (2) adminpanel/includes/add_forms/addmp3.php. NOTE: the other vectors from the original disclosure are already covered by CVE-2006-
nvd
CVE-2006-4986 | P4 | MEDIUM | CVSS 5.0 | v1.1 | 2006-09-26
Grayscale BandSite CMS allows remote attackers to obtain sensitive information via a direct request for (1) certain files in the includes/content directory, (2) includes/shows_preview.php, and (3) adminpanel/configform.php; and files in adminpanel/includes/ including (4) mailinglist/disphtmltbl.php, (5) mailinglist/dispxls.php, (6) mailinglist/sendshows.php, (
nvd