
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

• http://osvdb.org/33000
• http://www.vupen.com/english/advisories/2007/0395

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action.

• https://www.exploit-db.com/exploits/3216
• http://osvdb.org/32999
• http://secunia.com/advisories/23954
• http://www.securityfocus.com/bid/22284
• https://exchange.xforce.ibmcloud.com/vulnerabilities/31855

CVSS: 4.3 | EPSS: 1% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

• http://securityreason.com/securityalert/1758
• http://www.securityfocus.com/archive/1/449121/100/0/threaded
• http://www.securityfocus.com/bid/20590
• http://www.x0n3-h4ck.org/index.php?name=news&article=139
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29659

CVSS: 6.4 | EPSS: 0% | CPEs: 2 | EXPL: 3

SQL injection vulnerability in index.php in evoTopsites 2.x and evoTopsites Pro 2.x allows remote attackers to execute arbitrary SQL commands via the (1) cat_id and (2) id parameters.

• https://www.exploit-db.com/exploits/27837
• http://secunia.com/advisories/19989
• http://securitytracker.com/id?1016062
• http://www.hamid.ir/security/evotopsites.txt
• http://www.osvdb.org/25440
• http://www.securityfocus.com/bid/17893
• http://www.vupen.com/english/advisories/2006/1689
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26328

CVSS: 2.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters.

• http://secunia.com/advisories/19703
• http://securitytracker.com/id?1015960
• http://www.securityfocus.com/archive/1/431131/100/0/threaded
• http://www.securityfocus.com/bid/17552
• http://www.vupen.com/english/advisories/2006/1406
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25913