CVSS: 5.0EPSS: 0%CPEs: 32EXPL: 1CVE-2010-2859
https://notcve.org/view.php?id=CVE-2010-2859
news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message. news.php en SimpNews 2.47.3, y versiones anteriores, permite a atacantes remotos obtener información sensible mediante un parámetro lang inválido, lo que revela la ruta de instalación en un mensaje de error. • http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt http://www.securityfocus.com/archive/1/512271/100/0/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 4CVE-2010-2858 – SimpNews 2.47.3 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2858
Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en news.php en SimpNews 2.47.03, y versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros (1) layout y (2) sortorder. • https://www.exploit-db.com/exploits/34286 http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt http://secunia.com/advisories/40501 http://websecurity.com.ua/4245 http://www.securityfocus.com/archive/1/512271/100/0/threaded http://www.securityfocus.com/bid/41517 https://exchange.xforce.ibmcloud.com/vulnerabilities/60244 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5128
https://notcve.org/view.php?id=CVE-2007-5128
SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. SimpNews 2.41.03 en Windows, al utilizar PHP anterior a 5.0.0, permite a atacantes remotos obtener información sensible mediante cierto parámetro link_date a events.php, lo cual revela la ruta en un mensaje de error debido a un tipo de argumento no soportado por la función mktime en Windows. • http://forum.boesch-it.de/viewtopic.php?t=2791 http://securityreason.com/securityalert/3174 http://www.netvigilance.com/advisory0068 http://www.securityfocus.com/archive/1/480588/100/0/threaded • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2007-4874 – SimpNews 2.41.3 - 'backurl' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4874
Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en SimpNews versión 2.41.03, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del (1) parámetro l_username en el archivo admin/layout2b.php, y (2) parámetro backurl en el archivo comment.php. SimpNews version 2.41.03 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/30618 https://www.exploit-db.com/exploits/30617 http://forum.boesch-it.de/viewtopic.php?t=2791 http://secunia.com/advisories/26965 http://securityreason.com/securityalert/3166 http://www.netvigilance.com/advisory0070 http://www.securityfocus.com/archive/1/480598/100/0/threaded http://www.securityfocus.com/bid/25809 https://exchange.xforce.ibmcloud.com/vulnerabilities/36774 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •