
CVSS: 5.0 EPSS: 0% CPEs: 1 EXPL: 2

Relative Real Estate Systems 3.0 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. • https://www.exploit-db.com/exploits/5924 http://e-rdc.org/v1/news.php?readmore=101 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 EPSS: 0% CPEs: 1 EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes." • http://osvdb.org/43708 http://phprealestatescript.com/PHPREC-121707-646PM-PATCH.zip • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 EPSS: 0% CPEs: 1 EXPL: 2

SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter. • https://www.exploit-db.com/exploits/4737 http://phprealestatescript.com/PHPREC-121707-646PM-PATCH.zip http://secunia.com/advisories/28119 http://www.securityfocus.com/bid/26888 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.0 EPSS: 0% CPEs: 2 EXPL: 3

Group Chat in BarracudaDrive Web Server before 3.8 allows remote authenticated users to cause a denial of service (crash) via an HTTP request to /eh/chat.ehintf/C. that does not contain a Connection ID, which results in a NULL pointer dereference. • https://www.exploit-db.com/exploits/4713 http://aluigi.altervista.org/adv/barradrive-adv.txt http://secunia.com/advisories/28032 http://securityreason.com/securityalert/3434 http://www.securityfocus.com/archive/1/484833/100/0/threaded http://www.securityfocus.com/bid/26805 https://exchange.xforce.ibmcloud.com/vulnerabilities/38974 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 EPSS: 2% CPEs: 2 EXPL: 3

BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL. • https://www.exploit-db.com/exploits/4713 http://aluigi.altervista.org/adv/barradrive-adv.txt http://secunia.com/advisories/28032 http://securityreason.com/securityalert/3434 http://www.securityfocus.com/archive/1/484833/100/0/threaded http://www.securityfocus.com/bid/26805 https://exchange.xforce.ibmcloud.com/vulnerabilities/38972 • CWE-20: Improper Input Validation