4 results (0.010 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

ar web content manager (AWCM) 2.2 does not restrict the number of comment records that can be submitted through HTTP requests, which allows remote attackers to cause a denial of service (disk consumption) via the coment parameter to (1) show_video.php or (2) topic.php. ar web content manager (AWCM) v2.2 no limita el número de registros de comentarios que se pueden enviar a través de peticiones HTTP, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de disco) mediante el parámetro coment a (1) show_video.php o (2) topic.php. AWCM version 2.2 appears to suffer from cookie forgery and direct access vulnerabilities. • http://archives.neohapsis.com/archives/bugtraq/2012-11/0039.html http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79927 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 5%CPEs: 1EXPL: 2

cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter. cookie_gen.php en ar web content manager (AWCM) v2.2 no requiere autenticación, lo que permite a atacantes remotos generar cookies de su elección a través del parámetro name en conjunción con el parámetro content. AWCM version 2.2 appears to suffer from cookie forgery and direct access vulnerabilities. • https://www.exploit-db.com/exploits/38015 http://archives.neohapsis.com/archives/bugtraq/2012-11/0039.html http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79926 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3

Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en search.php en AR Web Content Manager (AWCM) v2.1, v2.2, y posiblemente otras versiones permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro search. • https://www.exploit-db.com/exploits/35555 http://secpod.org/advisories/SECPOD_AWCM_XSS.txt http://securityreason.com/securityalert/8193 http://www.securityfocus.com/archive/1/517294/100/0/threaded http://www.securityfocus.com/bid/47126 https://exchange.xforce.ibmcloud.com/vulnerabilities/66536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 3

Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcm_theme or (2) awcm_lang cookie to (a) index.php or (b) header.php. Múltiples vulnerabilidades de salto de directorio en AR Web Content Manager (AWCM) v2.2 permite a atacantes remotos leer archivos de su elección y posiblemente tener otros impactos no especificados a través de .. (punto punto) en el (1) awcm_theme o (2)la cookie awcm_lang para (a) index.php o (b) header.php. • https://www.exploit-db.com/exploits/16049 http://www.exploit-db.com/exploits/16049 http://www.securityfocus.com/bid/46017 https://exchange.xforce.ibmcloud.com/vulnerabilities/64980 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •