
CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 3

Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.
• https://www.exploit-db.com/exploits/10576 http://osvdb.org/61228 http://secunia.com/advisories/37724 http://www.exploit-db.com/exploits/10576 https://exchange.xforce.ibmcloud.com/vulnerabilities/54946
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter.
• https://www.exploit-db.com/exploits/5503 http://secunia.com/advisories/29998 http://www.securityfocus.com/bid/28949 http://www.vupen.com/english/advisories/2008/1385 https://exchange.xforce.ibmcloud.com/vulnerabilities/42155
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp.
• https://www.exploit-db.com/exploits/5503 http://secunia.com/advisories/29998 http://www.securityfocus.com/bid/28949 http://www.vupen.com/english/advisories/2008/1385 https://exchange.xforce.ibmcloud.com/vulnerabilities/42018
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')