CVE-2011-3751
https://notcve.org/view.php?id=CVE-2011-3751
LifeType 1.2.10 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/badbehavior/pluginbadbehavior.class.php.
• http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README
• http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/lifetype-1.2.10
• http://www.openwall.com/lists/oss-security/2011/06/27/6
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2008-2629 – PLog 1.0.6 - 'albumID' SQL Injection
https://notcve.org/view.php?id=CVE-2008-2629
SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.
• https://www.exploit-db.com/exploits/5724
• http://www.securityfocus.com/bid/29495
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42808
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-2196 – LifeType 1.2.8 - 'admin.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2196
Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the newBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178.
• https://www.exploit-db.com/exploits/31740
• http://secunia.com/advisories/30092
• http://securityreason.com/securityalert/3879
• http://www.securityfocus.com/archive/1/491600/100/0/threaded
• http://www.securityfocus.com/bid/29050
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42228
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-2178
https://notcve.org/view.php?id=CVE-2008-2178
Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the searchTerms parameter in an editArticleCategories operation (aka an admin category search).
• http://lifetype.net/post/2008/05/04/lifetype-1.2.8-released
• http://secunia.com/advisories/30075
• http://securityreason.com/securityalert/3871
• http://wiki.lifetype.net/index.php/Release_notes_Lifetype_1.2.8
• http://www.securityfocus.com/archive/1/491550/100/0/threaded
• http://www.securityfocus.com/archive/1/491597/100/0/threaded
• http://www.securityfocus.com/bid/29017
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42151
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-0979
https://notcve.org/view.php?id=CVE-2007-0979
Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL."
• http://osvdb.org/33210
• http://secunia.com/advisories/24170
• http://www.lifetype.net/blog/lifetype-development-journal/releases
• http://www.securityfocus.com/bid/22572
• http://www.vupen.com/english/advisories/2007/0616
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor