CVE-2010-4856 – xWeblog 2.2 - 'arsiv.asp?tarih' SQL Injection
https://notcve.org/view.php?id=CVE-2010-4856
SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter. • https://www.exploit-db.com/exploits/15219 http://www.exploit-db.com/exploits/15219 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-4855 – xWeblog 2.2 - 'oku.asp?makale_id' SQL Injection
https://notcve.org/view.php?id=CVE-2010-4855
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter. • https://www.exploit-db.com/exploits/15218 http://packetstormsecurity.org/1010-exploits/xweblog22-sql.txt http://secunia.com/advisories/41708 http://securityreason.com/securityalert/8414 http://www.exploit-db.com/exploits/15218 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-4145 – Kisisel Radyo Script - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4145
Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb. • https://www.exploit-db.com/exploits/15270 http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txt http://secunia.com/advisories/41816 http://www.exploit-db.com/exploits/15270 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2010-4144 – Kisisel Radyo Script - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4144
SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter. • https://www.exploit-db.com/exploits/15270 http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txt http://secunia.com/advisories/41816 http://www.exploit-db.com/exploits/15270 http://www.securityfocus.com/bid/44155 https://exchange.xforce.ibmcloud.com/vulnerabilities/62600 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1736
https://notcve.org/view.php?id=CVE-2010-1736
KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb. • http://osvdb.org/64217 http://packetstormsecurity.org/1004-exploits/krmhaber-disclose.txt http://secunia.com/advisories/39700 https://exchange.xforce.ibmcloud.com/vulnerabilities/58284 • CWE-264: Permissions, Privileges, and Access Controls