CVSS: 5.0EPSS: 0%CPEs: 32EXPL: 1CVE-2010-2859
https://notcve.org/view.php?id=CVE-2010-2859
news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message. news.php en SimpNews 2.47.3, y versiones anteriores, permite a atacantes remotos obtener información sensible mediante un parámetro lang inválido, lo que revela la ruta de instalación en un mensaje de error. • http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt http://www.securityfocus.com/archive/1/512271/100/0/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 4CVE-2010-2858 – SimpNews 2.47.3 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2858
Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en news.php en SimpNews 2.47.03, y versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros (1) layout y (2) sortorder. • https://www.exploit-db.com/exploits/34286 http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt http://secunia.com/advisories/40501 http://websecurity.com.ua/4245 http://www.securityfocus.com/archive/1/512271/100/0/threaded http://www.securityfocus.com/bid/41517 https://exchange.xforce.ibmcloud.com/vulnerabilities/60244 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-2750 – SimpNews 2.40.01 - 'newnr' SQL Injection
https://notcve.org/view.php?id=CVE-2007-2750
SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter. Vulnerabilidad de inyección SQL en print.php de SimpNews 2.40.01 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro newsnr. • https://www.exploit-db.com/exploits/3942 http://osvdb.org/36090 http://secunia.com/advisories/25296 http://www.securityfocus.com/bid/24028 http://www.vupen.com/english/advisories/2007/1856 https://exchange.xforce.ibmcloud.com/vulnerabilities/34356 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 3CVE-2006-5530 – Simpnews 2.x - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5530
Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information. Vulnerabilidades de cruce de sitios en scripts (XSS) en Boesch SimpNews versiones anteriores a 2.34.01 permiten a atacantes remotos inyectar scripts WEB o HTML mediante parámetros sin especificar en (1) admin/index.php, (2) admin/pwlost.php, y otros filos sin especificar. NOTA. El origen de esta información es desconocido; los detalles se han obtenido a partir de información de terceros. • https://www.exploit-db.com/exploits/28858 https://www.exploit-db.com/exploits/28859 http://secunia.com/advisories/22535 http://www.boesch-it.de/sw/php-scripts/simpnews/english/index.php http://www.securityfocus.com/bid/20714 http://www.vupen.com/english/advisories/2006/4162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •