Filtered by vendor Socialengine
Subscriptions
Filtered by product Socialengine
Subscriptions
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-4898 | 2 Socialengine, Webhive | 2 Socialengine, Timeline | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/. | ||||
CVE-2012-6721 | 1 Socialengine | 1 Socialengine | 2024-11-21 | 6.3 Medium |
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4. | ||||
CVE-2012-6720 | 1 Socialengine | 1 Socialengine | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*. | ||||
CVE-2009-0400 | 1 Socialengine | 1 Socialengine | 2024-11-21 | N/A |
SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | ||||
CVE-2008-6121 | 1 Socialengine | 1 Socialengine | 2024-11-21 | N/A |
CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie. | ||||
CVE-2008-6120 | 1 Socialengine | 1 Socialengine | 2024-11-21 | N/A |
SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter. |
Page 1 of 1.