CVE-2007-4009 – Confixx Pro 3.3.1 - 'saveserver.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-4009
PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter. Una vulnerabilidad de inclusión remota de archivos PHP en el archivo admin/business_inc/saveserver.php en SWSoft Confixx Pro versiones 2.0.12 hasta 3.3.1, permite a atacantes remotos ejecutar código PHP arbitrario por medio de una URL en el parámetro thisdir. • https://www.exploit-db.com/exploits/4219 ftp://download1.swsoft.com/Confixx/security_hotfix/1/release_notes.txt http://secunia.com/advisories/26300 http://www.securityfocus.com/bid/25036 http://www.vupen.com/english/advisories/2007/2743 http://xpkzxc.com/exploits/confixx.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/35586 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-3179
https://notcve.org/view.php?id=CVE-2006-3179
Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in Confixx Pro 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the account parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en tools_ftp_pwaendern.php en Confixx Pro v.3.0 y posiblemente en versiones anteriores, permite a atacantes remotos inyectar código script web de su elección o HTML a través del parámetro account. • http://secunia.com/advisories/20728 http://securityreason.com/securityalert/1126 http://www.osvdb.org/26628 http://www.securityfocus.com/archive/1/437550/100/0/threaded http://www.securityfocus.com/bid/18523 http://www.vupen.com/english/advisories/2006/2429 https://exchange.xforce.ibmcloud.com/vulnerabilities/27222 •
CVE-2006-3180
https://notcve.org/view.php?id=CVE-2006-3180
Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx Pro 3.0 allows remote attackers to inject arbitrary web script or HTML via the path parameter. Vulnerabilidad de jecución de secuencias de comandos en sitios cruzados (XSS) en ftp_index.php en Confixx Pro v3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro "path". • http://archives.neohapsis.com/archives/bugtraq/2006-06/0383.html http://secunia.com/advisories/20728 http://www.osvdb.org/26629 http://www.securityfocus.com/bid/18426 http://www.vupen.com/english/advisories/2006/2429 https://exchange.xforce.ibmcloud.com/vulnerabilities/27222 •
CVE-2006-2423 – Confixx 3.0/3.1 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-2423
Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter. • https://www.exploit-db.com/exploits/27884 http://secunia.com/advisories/20105 http://securityreason.com/securityalert/687 http://securityreason.com/securityalert/903 http://www.osvdb.org/25525 http://www.securityfocus.com/archive/1/434034/100/0/threaded http://www.securityfocus.com/bid/17984 http://www.vupen.com/english/advisories/2006/1817 https://exchange.xforce.ibmcloud.com/vulnerabilities/26472 •
CVE-2005-1302
https://notcve.org/view.php?id=CVE-2005-1302
SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field. • http://marc.info/?l=bugtraq&m=111444886429814&w=2 http://secunia.com/advisories/15121 http://securityreason.com/securityalert/694 http://www.osvdb.org/15815 http://www.securityfocus.com/bid/13355 •