10 results (0.014 seconds)

CVSS: 6.8EPSS: 1%CPEs: 11EXPL: 2

Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection by including awards.php. Vulnerabilidad de salto de directorio en src/func/language.php en webSPELL v4.2.0e y anteriores, permite a los atacantes remotos incluir y ejecutar arbitrariamente archivos locales .php a través de ..(punto punto) en una cookie de lenguaje. • https://www.exploit-db.com/exploits/8622 http://osvdb.org/54295 http://secunia.com/advisories/35016 http://www.osvdb.org/54296 http://www.securityfocus.com/bid/34862 http://www.webspell.org http://www.webspell.org/index.php?site=files&file=30 http://www.webspell.org/index.php?site=news_comments&newsID=130 https://exchange.xforce.ibmcloud.com/vulnerabilities/50395 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter. picture.php en WebSPELL 4.01.02 y anteriores permite a atacantes remotos leer ficheros de su elección mediante el parámetro file. • https://www.exploit-db.com/exploits/3673 http://www.vupen.com/english/advisories/2007/1274 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1

Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. Vulnerabilidad de salto de directorio en picture.php de WebSPELL 4.01.02 y anteriores, cuando se está utilizando PHP anterior a 4.3.0, permite a atacantes remotos leer ficheros de su elección mediante secuencias .. (punto punto) en el parámetro id. • https://www.exploit-db.com/exploits/3673 http://osvdb.org/34638 http://www.vupen.com/english/advisories/2007/1274 •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 2

SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. Vulnerabilidad de inyección SQL en printview.php de webSPELL 4.01.02 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro topic, vector distinto a CVE-2007-1019, CVE-2006-5388, y CVE-2006-4783. • https://www.exploit-db.com/exploits/3351 http://osvdb.org/33231 http://secunia.com/advisories/24257 http://www.securityfocus.com/bid/22659 http://www.vupen.com/english/advisories/2007/0714 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0

webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. webSPELL 4.0, y posiblemente versiones posteriores, permite a atacantes remotos evitar autenticación mediante una cookie ws_auth, vulnerabilidad diferente a CVE-2006-4782. • http://osvdb.org/33143 http://securityreason.com/securityalert/2337 http://www.securityfocus.com/archive/1/460937/100/0/threaded • CWE-287: Improper Authentication •