CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2011-3978
https://notcve.org/view.php?id=CVE-2011-3978
04 Oct 2011 — Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en LightNEasy.php en LightNEasy v3.2.4, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de los pa... • http://osvdb.org/75262 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4753
https://notcve.org/view.php?id=CVE-2010-4753
01 Mar 2011 — Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en LightNEasy.php de LightNEasy 3.2.1. Permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través del parámetro id, que no es manejado apropiadamente en un mensaje de error SQL forzado... • http://holisticinfosec.org/content/view/168/45 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2010-4751 – LightNEasy CMS 3.2.1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-4751
01 Mar 2011 — SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. Vulnerabilidad de inyección SQL en LightNEasy.php de LightNEasy 3.2.1, si magic_quotes_gpc está deshabilitado, permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través del parámetro id de una acci... • https://www.exploit-db.com/exploits/15060 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2010-4752 – LightNEasy CMS 3.2.1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-4752
01 Mar 2011 — SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de inyección SQL en LightNEasy.php de LightNEasy 3.2.1, si magic_quotes_gpc está deshabilitado, permite a atacantes remotos e... • https://www.exploit-db.com/exploits/15060 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4CVE-2010-3484 – LightNEasy CMS 3.2.1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-3484
22 Sep 2010 — SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593. Vulnerabilidad de inyección SQL en common.php en LightNEasy en v3.2.1 permite a atacantes remotos ejecutar comandos SQL de su elección a mediante la manipulación de un parámetro en LightNEasy.php, un vector diferente de CVE-2008-6593. • https://www.exploit-db.com/exploits/15060 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2010-3485 – LightNEasy CMS 3.2.1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-3485
22 Sep 2010 — SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de inyección SQL en common.php en LightNEasy v3.2.1 permite a atacantes remotos ejecutar comandos SQL de su elección a través de la cookie userhandle para LightNEasy.php, un vect... • https://www.exploit-db.com/exploits/15060 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-1937
https://notcve.org/view.php?id=CVE-2009-1937
05 Jun 2009 — Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 "no database" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemail (aka Email), and (3) commentmessage (aka Comment) parameters. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en funcionalidad de realizar comentarios de LightNEasy v2.2.1... • http://forum.intern0t.net/intern0t-advisories/1081-intern0t-lightneasy-2-2-2-html-injection-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6589
https://notcve.org/view.php?id=CVE-2008-6589
03 Apr 2009 — Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en LightNEasy "no database" (también conocido como flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML d... • http://secunia.com/advisories/29833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 2CVE-2008-6590 – LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6590
03 Apr 2009 — Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php. Múltiples vulnerabilidades de salto de directorio en LightNEasy "no database" (también conocido como flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos leer fichero de modo arbitrario a través de ..(punto punto) en el parámetro ... • https://www.exploit-db.com/exploits/5452 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2008-6591
https://notcve.org/view.php?id=CVE-2008-6591
03 Apr 2009 — LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php. LightNEasy "no database" (también conocido flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos crear ficheros a su elección a través del parámetro "page" a (1) index.php y (2) LightNEasy.php. • http://osvdb.org/44678 • CWE-94: Improper Control of Generation of Code ('Code Injection') •