CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5980 – Ocean12 Mailing List Manager Gold - File Disclosure / SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5980
Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb. El gestor de listas de correo Ocean12 Mailing List Manager Gold almacena datos sensibles bajo el directorio raíz del arbol de directorios de la interfaz web con un control de acceso insuficiente, lo que permite a atacantes remotos descargar una base de datos a través de una petición directa de o12mail.mdb. • https://www.exploit-db.com/exploits/7319 http://secunia.com/advisories/32929 https://exchange.xforce.ibmcloud.com/vulnerabilities/47023 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2008-5978 – Ocean12 Mailing LisManager Gold 2.04 - 'Email' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5978
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp. Múltiples vulnerabilidades de inyección de SQL en Ocean12 Mailing List Manager Gold permite a atacantes remotos ejecutar comandos SQL a través del parámetro Email en (1) default.asp y (2) s_edit.asp. • https://www.exploit-db.com/exploits/32603 https://www.exploit-db.com/exploits/7319 http://secunia.com/advisories/32929 http://www.securityfocus.com/bid/32587 https://exchange.xforce.ibmcloud.com/vulnerabilities/47021 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5979 – Ocean12 Mailing List Manager Gold - File Disclosure / SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5979
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en default.asp en Ocean12 Maling List Manager Gold permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través del parámetro Email. • https://www.exploit-db.com/exploits/7319 http://secunia.com/advisories/32929 http://www.securityfocus.com/bid/32587 https://exchange.xforce.ibmcloud.com/vulnerabilities/47022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5127
https://notcve.org/view.php?id=CVE-2008-5127
Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb. Ocean12 Contact Manager Pro 1.02 almacena información sensible en la raíz del web con controles de acceso deficientes; esto permite a atacantes remotos obtener información sensible mediante una solicitud directa a o12con.mdb. • http://packetstorm.linuxsecurity.com/0810-exploits/ocean12-database.txt http://secunia.com/advisories/32409 https://exchange.xforce.ibmcloud.com/vulnerabilities/46133 https://www.exploit-db.com/exploits/7244 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5129
https://notcve.org/view.php?id=CVE-2008-5129
Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb. Ocean12 Poll Manager Pro v1.00 almacena información sensible bajo la raíz web con control de acceso insuficiente, lo cual permite a atacantes remotos obtener información sensible a través de una petición directa a o12poll.mdb. • http://packetstorm.linuxsecurity.com/0810-exploits/ocean12-database.txt http://secunia.com/advisories/32409 https://exchange.xforce.ibmcloud.com/vulnerabilities/46133 https://exchange.xforce.ibmcloud.com/vulnerabilities/46692 • CWE-264: Permissions, Privileges, and Access Controls •