CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12729
https://notcve.org/view.php?id=CVE-2017-12729
A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user's password. Se ha descubierto un problema de inyección SQL en Moxa SoftCMS Live Viewer hasta la versión 1.6. Se ha identificado una vulnerabilidad de neutralización indebida de elementos especiales usada en un comando SQL ("inyección SQL"). • https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 1CVE-2016-9332 – Moxa SoftCMS 1.5 - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2016-9332
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition. Ha sido descubierto un problema en Moxa SoftCMS en versiones anteriores a 1.6. Moxa SoftCMS Webserver no valida correctamente una entrada. • https://www.exploit-db.com/exploits/40779 http://www.securityfocus.com/bid/94394 https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9333
https://notcve.org/view.php?id=CVE-2016-9333
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION). Ha sido descubierto un problema en Moxa SoftCMS en versiones anteriores a 1.6. La SoftCMS Application no desinfecta correctamente entradas que pueden permitir a atacantes remotos acceder a SoftCMS con privilegios de administrador a través de una entrada especialmente manipulada (SQL INJECTION). • http://www.securityfocus.com/bid/94394 https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2016-8360 – Moxa SoftCMS AspWebServer URL Processing Double Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-8360
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code. Ha sido descubierto un problema en las versiones de Moxa SoftCMS anteriores a la versión 1.6. Una solicitud de URL especialmente manipulada enviada al SoftCMS ASP Webserver puede provocar una doble condición libre en el servidor permitiendo a un atacante modificar ubicaciones de memoria y posiblemente provocar una denegación de servicio o la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. • http://www.securityfocus.com/bid/94394 https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02 • CWE-415: Double Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5792 – Moxa SoftCMS getcaminfo SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-5792
SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. Vulnerabilidad de inyección SQL en Moxa SoftCMS en versiones anteriores a 1.5 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de campos no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getcaminfo.asp script. When parsing the VWID element, the process fails to properly validate a user-supplied string before using it to construct SQL queries. • http://www.securityfocus.com/bid/92262 http://www.zerodayinitiative.com/advisories/ZDI-16-463 https://ics-cert.us-cert.gov/advisories/ICSA-16-215-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •