13 results (0.004 seconds)

CVSS: 7.5EPSS: 3%CPEs: 11EXPL: 0

CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via unspecified vectors. CGI RESCUE BloBee 1.20 y anteriores permite a atacantes remotos escribir en ficheros arbitrarios, y como consecuencia ejecutar código arbitrario, a través de vectores no especificados. • http://jvn.jp/en/jp/JVN24336273/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000087 http://www.securityfocus.com/bid/75183 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before 2.11 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en CGI RESCUE Trees anterior a v2.11 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros inespecíficos. • http://jvn.jp/en/jp/JVN28521500/index.html http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000028.html http://osvdb.org/54545 http://secunia.com/advisories/35123 http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20090512155247 http://www.securityfocus.com/bid/34999 https://exchange.xforce.ibmcloud.com/vulnerabilities/50579 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t before 8.95t, 8 before 8.95, 9 before 9.08, and 10 before 10.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en CGI RESCUE MiniBBS v8t anteriores a v8.95t, v8 anteriores a v8.95, v9 anteriores a v9.08, y v10 anteriores a v10.32 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://jvn.jp/en/jp/JVN11396739/index.html http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000022.html http://secunia.com/advisories/34887 http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081213132937 http://www.securityfocus.com/bid/34718 https://exchange.xforce.ibmcloud.com/vulnerabilities/50219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows remote attackers to send email to arbitrary recipients via a web form. Vulnerabilidad no especificada en CGI RESCUE FORM2MAIL anterior a v1.42 permite a atacantes remotos enviar correos electrónicos a destinatarios de su elección mediante un formulario web. • http://jvn.jp/en/jp/JVN76370393/index.html http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000023.html http://osvdb.org/54097 http://secunia.com/advisories/34869 http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081213132937 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Unspecified vulnerability in CGI RESCUE MiniBBS22 before 1.01 allows remote attackers to send email to arbitrary recipients via unknown vectors. Vulnerabilidad no especificada en CGI RESCUE MiniBBS22 anterior a 1.01 permite a atacantes remotos enviar correos electrónicos a destinatarios de su elección mediante vectores desconocidos. • http://jvn.jp/en/jp/JVN36982346/index.html http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000021.html http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081213132937 •