3 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb. Ocean12 Membership Manager Pro graba información sensible bajo la raíz web con control de acceso insuficiente, el cual permite a los atacantes remotos obtener información sensible a través de una petición directa a fichero o12member.mdb. • http://packetstorm.linuxsecurity.com/0810-exploits/ocean12-database.txt http://secunia.com/advisories/32409 https://exchange.xforce.ibmcloud.com/vulnerabilities/46133 https://exchange.xforce.ibmcloud.com/vulnerabilities/46693 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 5

Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to inject arbitrary web script or HTML via the page parameter. • https://www.exploit-db.com/exploits/25354 http://secunia.com/advisories/14864 http://securitytracker.com/id?1013667 http://www.hackerscenter.com/archive/view.asp?id=1865 http://www.osvdb.org/15306 http://www.securityfocus.com/bid/13046 https://exchange.xforce.ibmcloud.com/vulnerabilities/20014 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to execute arbitrary SQL commands via the UserID parameter. • http://secunia.com/advisories/14864 http://securitytracker.com/id?1013667 http://www.hackerscenter.com/archive/view.asp?id=1865 http://www.osvdb.org/15307 http://www.securityfocus.com/bid/13049 https://exchange.xforce.ibmcloud.com/vulnerabilities/20015 •