CVE-2008-7121
https://notcve.org/view.php?id=CVE-2008-7121
Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Mr. CGI Guy Hot Links SQL-PHP v3 y anteriores permite a atacantes remotos inyectar HTML o scripts web a través de la barra de búsqueda. • http://www.packetstormsecurity.org/0809-exploits/hotlinks-sql.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-7120 – Hot Links SQL-PHP - 'news.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-7120
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter. Una vulnerabilidad de inyección SQL en Mr. CGI Guy Hot Links SQL-PHP v3 y anteriores permite a atacantes remotos ejecutar comandos SQL a través del parámetro news.php. • https://www.exploit-db.com/exploits/32355 http://www.packetstormsecurity.org/0809-exploits/hotlinks-sql.txt http://www.securityfocus.com/bid/31118 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2006-7086 – Hot Links - Perl PHP Information Disclosure
https://notcve.org/view.php?id=CVE-2006-7086
The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter. Los archivos (1) dlback.php y (2) dlback.cgi de Hot Links permite a atacantes remotos obtener información sensible y descargar la base de datos mediante una petición directa con un parámetro dl modificado. • https://www.exploit-db.com/exploits/29047 http://marc.info/?l=bugtraq&m=116370290529916&w=2 http://marc.info/?l=bugtraq&m=116373064308228&w=2 http://secunia.com/advisories/22970 http://www.securityfocus.com/bid/21112 http://www.vupen.com/english/advisories/2006/4585 https://exchange.xforce.ibmcloud.com/vulnerabilities/30340 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •