
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter.
• https://www.exploit-db.com/exploits/15219 http://www.exploit-db.com/exploits/15219
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 3

SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.
• https://www.exploit-db.com/exploits/15218 http://packetstormsecurity.org/1010-exploits/xweblog22-sql.txt http://secunia.com/advisories/41708 http://securityreason.com/securityalert/8414 http://www.exploit-db.com/exploits/15218
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 3

Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb.
• https://www.exploit-db.com/exploits/15270 http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txt http://secunia.com/advisories/41816 http://www.exploit-db.com/exploits/15270
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 3

SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter.
• https://www.exploit-db.com/exploits/15270 http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txt http://secunia.com/advisories/41816 http://www.exploit-db.com/exploits/15270 http://www.securityfocus.com/bid/44155 https://exchange.xforce.ibmcloud.com/vulnerabilities/62600
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb.
• http://osvdb.org/64217 http://packetstormsecurity.org/1004-exploits/krmhaber-disclose.txt http://secunia.com/advisories/39700 https://exchange.xforce.ibmcloud.com/vulnerabilities/58284
• CWE-264: Permissions, Privileges, and Access Controls