
CVE-2008-5979 – Ocean12 Mailing List Manager Gold - File Disclosure / SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5979
27 Jan 2009 — Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter. • https://www.exploit-db.com/exploits/7319 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-5980 – Ocean12 Mailing List Manager Gold - File Disclosure / SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5980
27 Jan 2009 — Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb. • https://www.exploit-db.com/exploits/7319 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-5978 – Ocean12 Mailing List Manager Gold 2.04 - 'Email' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5978
27 Jan 2009 — Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp. • https://www.exploit-db.com/exploits/32603 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')