13 results (0.001 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WOW Raid Manager (WRM) antes de v3.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://secunia.com/advisories/32172 http://sourceforge.net/project/shownotes.php?release_id=631789 http://www.wowraidmanager.net/e107_plugins/forum/forum_viewtopic.php?2044.post • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0

Buffer overflow in Uploadlist in eMule X-Ray before 1.4 has unknown impact and remote attack vectors. Desbordamiento de búfer en Uploadlist de eMule X-Ray versiones anteriores a la 1.4, tiene un impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/30292 http://sourceforge.net/project/shownotes.php?release_id=599894 http://www.vupen.com/english/advisories/2008/1685/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42687 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1

Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1. Admin.php en Web Slider 0.6 permite a atacantes remotos evitar la autentificación y obtener privilegios poniendo la cookie admin a 1. • https://www.exploit-db.com/exploits/5629 http://www.securityfocus.com/bid/29246 https://exchange.xforce.ibmcloud.com/vulnerabilities/42468 • CWE-287: Improper Authentication •

CVSS: 5.8EPSS: 1%CPEs: 1EXPL: 2

Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI. Vulnerabilidad de salto de directorio en phpMyClub 0.0.1 permite a atacantes remotos incluir y ejecutar archivos locales a su elección mediante un .. (punto punto) en el parámetro page_courante de la URI de nivel superior. • https://www.exploit-db.com/exploits/5000 http://www.securityfocus.com/bid/27480 http://www.vupen.com/english/advisories/2008/0350 https://exchange.xforce.ibmcloud.com/vulnerabilities/40007 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0

Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured. Creammonkey 0.9 hasta 1.1 y GreaseKit 1.2 hasta v1.3 no evita apropiadamente el acceso a funciones peligrosas, lo cual permite a atacantes remotos leer la configuración, modificarla, ó enviar una petición HTTP mediante la función (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, ó (6) GM_xmlhttpRequest sin una página web en la cual el script de usuario sea configurado. • http://8-p.info/greasekit/vuln/20071226-en.html http://osvdb.org/42819 http://secunia.com/advisories/28241 https://exchange.xforce.ibmcloud.com/vulnerabilities/39272 • CWE-264: Permissions, Privileges, and Access Controls •