2 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information. • http://echo.or.id/adv/adv03-y3dips-2004.txt http://secunia.com/advisories/12230 http://www.kb.cert.org/vuls/id/586720 http://www.osvdb.org/8325 http://www.securityfocus.com/archive/1/370852 http://www.securityfocus.com/bid/10858 https://exchange.xforce.ibmcloud.com/vulnerabilities/16898 •

CVSS: 4.6EPSS: 2%CPEs: 1EXPL: 2

Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code. • http://echo.or.id/adv/adv03-y3dips-2004.txt http://secunia.com/advisories/12230 http://www.kb.cert.org/vuls/id/417408 http://www.securityfocus.com/archive/1/370852 http://www.securityfocus.com/bid/10859 https://exchange.xforce.ibmcloud.com/vulnerabilities/16900 •