CVSS: 6.1EPSS: 4%CPEs: 32EXPL: 4CVE-2010-2858 – SimpNews 2.47.3 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2858
23 Jul 2010 — Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en news.php en SimpNews 2.47.03, y versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros (1) layout y (2) sortorder. • https://www.exploit-db.com/exploits/34286 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 32EXPL: 1CVE-2010-2859
https://notcve.org/view.php?id=CVE-2010-2859
23 Jul 2010 — news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message. news.php en SimpNews 2.47.3, y versiones anteriores, permite a atacantes remotos obtener información sensible mediante un parámetro lang inválido, lo que revela la ruta de instalación en un mensaje de error. • http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 4CVE-2010-1360 – FAQEngine 4.24.00 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2010-1360
13 Apr 2010 — Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php. Múltiples vulnerabilidades de inclusion remota de fichero PHP en FAQEngine v4.24.00 permite a atacantes remotos ejecu... • https://www.exploit-db.com/exploits/11111 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5128
https://notcve.org/view.php?id=CVE-2007-5128
27 Sep 2007 — SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. SimpNews 2.41.03 en Windows, al utilizar PHP anterior a 5.0.0, permite a atacantes remotos obtener información sensible mediante cierto parámetro link_date a events.php, lo cual revela la ruta en un mensaje de error debido a un tip... • http://forum.boesch-it.de/viewtopic.php?t=2791 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5129
https://notcve.org/view.php?id=CVE-2007-5129
27 Sep 2007 — SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc. SimpGB 1.46.02 almacena información sensible bajo la raíz de documentos web con control de acceso insuficiente, lo cual permite a atacantes remotos (1) obtener información sensible de... • http://forum.boesch-it.de/viewtopic.php?t=2790 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5130
https://notcve.org/view.php?id=CVE-2007-5130
27 Sep 2007 — SimpGB 1.46.02 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php or (2) a direct request to admin/trailer.php, which reveals the path in various error messages. SimpGB 1.46.02 permite a atacantes remotos obtener información sensible mediante (1) un parámetro lang a admin/index.php o (2) una petición directa a admin/trailer.php, lo cual revela la ruta en varios mensajes de error. • http://forum.boesch-it.de/viewtopic.php?t=2790 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 4%CPEs: 1EXPL: 2CVE-2007-4874 – SimpNews 2.41.3 - 'backurl' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4874
26 Sep 2007 — Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en SimpNews versión 2.41.03, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del (1) parámetro l_username en el archivo admin/layout2b.php, y (2) parámetro backurl en el archivo comment... • https://www.exploit-db.com/exploits/30618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5560
https://notcve.org/view.php?id=CVE-2006-5560
27 Oct 2006 — Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors related to certain other files. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en heading.php en Boesch ProgSys 0.151 y anteriores permiten a un atacante remoto inyectar secuencias de comandos web o HTML a... • http://secunia.com/advisories/22532 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 3CVE-2006-5530 – Simpnews 2.x - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5530
26 Oct 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information. Vulnerabilidades de cruce de sitios en scripts (XSS) en Boesch SimpNews versiones anteriores a 2.34.01 permiten a atacantes remotos inyectar scripts WEB o... • https://www.exploit-db.com/exploits/28858 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2006-4944 – ProgSys 0.156 - 'RR.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-4944
23 Sep 2006 — PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter. Vulnerabilidad PHP de inclusión remota de archivo en includes/pear/Net/DNS/RR.php en ProgSys 0.151 y anteriores permite a un atacante remoto ejecutar código PHP de su elección a través de una URL en el parámetro phpdns_basedir . • https://www.exploit-db.com/exploits/2411 • CWE-94: Improper Control of Generation of Code ('Code Injection') •