17 results (0.005 seconds)

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1

Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password. La vulnerabilidad de tipo cross-site request forgery (CSRF) en pixelpost versión 1.7.3, podría permitir a atacantes remotos cambiar la contraseña de administrador. • https://access.redhat.com/security/cve/cve-2010-3305 https://security-tracker.debian.org/tracker/CVE-2010-3305 https://www.exploit-db.com/exploits/15014 https://www.openwall.com/lists/oss-security/2010/09/17/7 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

pixelpost 1.7.1 has XSS pixelpost versión 1.7.1 tiene una vulnerabilidad de tipo XSS. • https://access.redhat.com/security/cve/cve-2009-4900 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597224 https://security-tracker.debian.org/tracker/CVE-2009-4900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

pixelpost 1.7.1 has SQL injection pixelpost versión 1.7.1 tiene una inyección SQL. • https://access.redhat.com/security/cve/cve-2009-4899 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597224 https://security-tracker.debian.org/tracker/CVE-2009-4899 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Pixelpost, en versiones 1.7.3 y anteriores, permite que los atacantes remotos ejecuten comandos SQL arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN27978559/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-Site Scripting (XSS) en Pixelpost, en versiones 1.7.3 y anteriores, permite que los atacantes inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://jvn.jp/en/jp/JVN27978559/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •