2 results (0.010 seconds)

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests. Vulnerabilidad sin especificar en el GONICUS System Administration (GOsa) anterior al 2.5.8 permite a usuarios remotos autenticados modificar ciertas configuraciones, incluida la contraseña del administrador (admin), mediante peticiones POST modificadas. • http://oss.gonicus.de/pipermail/gosa/2007-January/002650.html http://osvdb.org/32821 http://secunia.com/advisories/23749 http://www.vupen.com/english/advisories/2007/0207 https://exchange.xforce.ibmcloud.com/vulnerabilities/31516 •

CVSS: 6.8EPSS: 11%CPEs: 1EXPL: 2

PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php. • https://www.exploit-db.com/exploits/22279 http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003932.html http://secunia.com/advisories/8120 http://www.securityfocus.com/archive/1/313282/30/25760/threaded http://www.securityfocus.com/bid/6922 http://www.securitytracker.com/id?1006162 https://exchange.xforce.ibmcloud.com/vulnerabilities/11408 • CWE-94: Improper Control of Generation of Code ('Code Injection') •