CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2008-5979 – Ocean12 Mailing List Manager Gold - File Disclosure / SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5979
27 Jan 2009 — Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en default.asp en Ocean12 Maling List Manager Gold permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través del parámetro Email. • https://www.exploit-db.com/exploits/7319 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2008-5980 – Ocean12 Mailing List Manager Gold - File Disclosure / SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5980
27 Jan 2009 — Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb. El gestor de listas de correo Ocean12 Mailing List Manager Gold almacena datos sensibles bajo el directorio raíz del arbol de directorios de la interfaz web con un control de acceso insuficiente, lo que permite a atacantes remotos descargar una base de datos a través de una petición directa de o12mail.mdb. • https://www.exploit-db.com/exploits/7319 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2008-5978 – Ocean12 Mailing LisManager Gold 2.04 - 'Email' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5978
27 Jan 2009 — Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp. Múltiples vulnerabilidades de inyección de SQL en Ocean12 Mailing List Manager Gold permite a atacantes remotos ejecutar comandos SQL a través del parámetro Email en (1) default.asp y (2) s_edit.asp. • https://www.exploit-db.com/exploits/32603 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5127
https://notcve.org/view.php?id=CVE-2008-5127
18 Nov 2008 — Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb. Ocean12 Contact Manager Pro 1.02 almacena información sensible en la raíz del web con controles de acceso deficientes; esto permite a atacantes remotos obtener información sensible mediante una solicitud directa a o12con.mdb. • http://packetstorm.linuxsecurity.com/0810-exploits/ocean12-database.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5128
https://notcve.org/view.php?id=CVE-2008-5128
18 Nov 2008 — Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb. Ocean12 Membership Manager Pro graba información sensible bajo la raíz web con control de acceso insuficiente, el cual permite a los atacantes remotos obtener información sensible a través de una petición directa a fichero o12member.mdb. • http://packetstorm.linuxsecurity.com/0810-exploits/ocean12-database.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5129
https://notcve.org/view.php?id=CVE-2008-5129
18 Nov 2008 — Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb. Ocean12 Poll Manager Pro v1.00 almacena información sensible bajo la raíz web con control de acceso insuficiente, lo cual permite a atacantes remotos obtener información sensible a través de una petición directa a o12poll.mdb. • http://packetstorm.linuxsecurity.com/0810-exploits/ocean12-database.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5130
https://notcve.org/view.php?id=CVE-2008-5130
18 Nov 2008 — Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb. Ocean12 Calendar Manager Gold v2.04 almacena información sensible bajo la web raíz con control de acceso insuficiente, lo cual permite a atacantes remotos obtener información sensible a través de una petición directa a o12cal.mdb. • http://packetstorm.linuxsecurity.com/0810-exploits/ocean12-database.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4CVE-2006-2264 – Ocean12 Technologies Calendar Manager Pro 1.0 1 - '/admin/edit.asp?ID' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2264
09 May 2006 — Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro 1.00 allow remote attackers to execute arbitrary SQL commands via the (1) date parameter to admin/main.asp, (2) SearchFor parameter to admin/view.asp, or (3) ID parameter to admin/edit.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/27827 •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 2CVE-2006-2265 – Ocean12 Technologies Calendar Manager Pro 1.0 1 - '/admin/main.asp?date' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-2265
09 May 2006 — Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/27828 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2005-4657 – Ocean12 ASP Calendar Manager 1.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2005-4657
31 Dec 2005 — Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to /admin/view.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/26473 •