
CVSS: 4.3 | EPSS: 0% | CPEs: 18 | EXPL: 0

Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information.

• http://osvdb.org/35533
• http://secunia.com/advisories/25584
• http://sourceforge.net/project/shownotes.php?release_id=514035
• http://www.securityfocus.com/bid/24357
• http://www.vupen.com/english/advisories/2007/2097
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34762

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: some of these details are obtained from third party information.

• http://osvdb.org/35535
• http://sourceforge.net/project/shownotes.php?release_id=504924
• http://www.vupen.com/english/advisories/2007/1637

CVSS: 6.8 | EPSS: 1% | CPEs: 1 | EXPL: 0

Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information.

• http://osvdb.org/35534
• http://secunia.com/advisories/25088
• http://sourceforge.net/project/shownotes.php?release_id=504924
• http://www.securityfocus.com/bid/23790
• http://www.vupen.com/english/advisories/2007/1637
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34038

CVSS: 6.8 | EPSS: 0% | CPEs: 8 | EXPL: 13

Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php.

• https://www.exploit-db.com/exploits/28933
• https://www.exploit-db.com/exploits/28929
• https://www.exploit-db.com/exploits/28923
• https://www.exploit-db.com/exploits/28926
• https://www.exploit-db.com/exploits/28925
• https://www.exploit-db.com/exploits/28928
• https://www.exploit-db.com/exploits/28934
• https://www.exploit-db.com/exploits/28931
• https://www.exploit-db.com/exploits/28924
• https://www.exploit-db.com/exploits/28927
• https://www.exploit-db.com/exploits/28930

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.8 | EPSS: 2% | CPEs: 8 | EXPL: 6

Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cp_dpage.php; (5) orderdir parameter to cp_links_search.php; (6) order_field parameter to (a) cp_show_ec_products.php and (b) cp_users_online.php; and the (7) signature and (8) fiscal code fields in the user profile.

• https://www.exploit-db.com/exploits/28918
• https://www.exploit-db.com/exploits/28917
• https://www.exploit-db.com/exploits/28921
• https://www.exploit-db.com/exploits/28919
• https://www.exploit-db.com/exploits/28920
• http://secunia.com/advisories/22719
• http://securityreason.com/securityalert/1839
• http://sourceforge.net/project/shownotes.php?release_id=478370
• http://www.securityfocus.com/archive/1/450701/100/0/threaded
• http://www.securityfocus.com/bid/20931
• http://www.vupen.com