CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3CVE-2009-4820 – Angelo-emlak 1.0 - Database Disclosure
https://notcve.org/view.php?id=CVE-2009-4820
Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb. Angelo-Emlak v1.0 almacena información sensible bajo el directorio web raíz con un control de acceso insuficiente, lo que permite a atacantes remotos descargar la base de datos a través de una petición directa a veribaze/angelo.mdb. • https://www.exploit-db.com/exploits/10576 http://osvdb.org/61228 http://secunia.com/advisories/37724 http://www.exploit-db.com/exploits/10576 https://exchange.xforce.ibmcloud.com/vulnerabilities/54946 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-2048 – Angelo-Emlak 1.0 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-2048
Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) de hpz/admin/Default.asp in Angelo-Emlak 1.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro sayfa. • https://www.exploit-db.com/exploits/5503 http://secunia.com/advisories/29998 http://www.securityfocus.com/bid/28949 http://www.vupen.com/english/advisories/2008/1385 https://exchange.xforce.ibmcloud.com/vulnerabilities/42155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-2047 – Angelo-Emlak 1.0 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-2047
Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp. Múltiples vulnerabilidades de inyección SQL en Angelo-Emlak 1.0 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro id a (1) hpz/profil.asp y (2) hpz/prodetail.asp. • https://www.exploit-db.com/exploits/5503 http://secunia.com/advisories/29998 http://www.securityfocus.com/bid/28949 http://www.vupen.com/english/advisories/2008/1385 https://exchange.xforce.ibmcloud.com/vulnerabilities/42018 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •