3 results (0.002 seconds)

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SimpGB 1.46.02 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los parámetros (1) l_username al URI por defecto bajo admin/ o (2) l_emoticonlist a admin/emoticonlist.php. • https://www.exploit-db.com/exploits/30615 https://www.exploit-db.com/exploits/30616 http://forum.boesch-it.de/viewtopic.php?t=2790 http://secunia.com/advisories/26974 http://securityreason.com/securityalert/3171 http://www.netvigilance.com/advisory0067 http://www.securityfocus.com/archive/1/480596/100/0/threaded http://www.securityfocus.com/bid/25808 https://exchange.xforce.ibmcloud.com/vulnerabilities/36773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 30%CPEs: 1EXPL: 0

Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7) emoticons.php, (8) gbdownload.php, and possibly other PHP scripts. Múltiples vulnerabilidades de inclusión remota de archivo en PHP en el SimpGB 1.46.0 permiten a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7) emoticons.php, (8) gbdownload.php y, posiblemente, otras secuencias de comandos PHP. • http://osvdb.org/38101 http://osvdb.org/38102 http://osvdb.org/38103 http://osvdb.org/38104 http://osvdb.org/38105 http://osvdb.org/38106 http://osvdb.org/38107 http://osvdb.org/38108 http://securityreason.com/securityalert/2735 http://www.attrition.org/pipermail/vim/2007-May/001626.html http://www.securityfocus.com/archive/1/469219/100/0/threaded http://www.xmors-seurity.com/advisory/SimpGB%28rfi%29.txt https://exchange.xforce.ibmcloud.com/vulnerabilitie •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php. • https://www.exploit-db.com/exploits/25224 http://marc.info/?l=bugtraq&m=111082702422979&w=2 http://secunia.com/advisories/14583 http://www.securityfocus.com/bid/12801 https://exchange.xforce.ibmcloud.com/vulnerabilities/19694 •