CVE-2007-6317 – BarracudaDrive 3.7.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6317
Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.
• https://www.exploit-db.com/exploits/4713
• http://aluigi.altervista.org/adv/barradrive-adv.txt
• http://secunia.com/advisories/28032
• http://securityreason.com/securityalert/3434
• http://www.securityfocus.com/archive/1/484833/100/0/threaded
• http://www.securityfocus.com/bid/26805
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-6314 – BarracudaDrive 3.7.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6314
BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL.
• https://www.exploit-db.com/exploits/4713
• http://aluigi.altervista.org/adv/barradrive-adv.txt
• http://secunia.com/advisories/28032
• http://securityreason.com/securityalert/3434
• http://www.securityfocus.com/archive/1/484833/100/0/threaded
• http://www.securityfocus.com/bid/26805
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38972
• CWE-20: Improper Input Validation
CVE-2007-6315 – BarracudaDrive 3.7.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6315
Group Chat in BarracudaDrive Web Server before 3.8 allows remote authenticated users to cause a denial of service (crash) via an HTTP request to /eh/chat.ehintf/C. that does not contain a Connection ID, which results in a NULL pointer dereference.
• https://www.exploit-db.com/exploits/4713
• http://aluigi.altervista.org/adv/barradrive-adv.txt
• http://secunia.com/advisories/28032
• http://securityreason.com/securityalert/3434
• http://www.securityfocus.com/archive/1/484833/100/0/threaded
• http://www.securityfocus.com/bid/26805
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38974
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-3160 – PHP Real Estate Classifieds - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-3160
PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter.
• https://www.exploit-db.com/exploits/4055
• http://osvdb.org/36890
• http://secunia.com/advisories/25615
• http://www.securityfocus.com/bid/24399
• http://www.vupen.com/english/advisories/2007/2168
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34790
CVE-2005-4019 – Relative Real Estate Systems 1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2005-4019
SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls parameter.
• https://www.exploit-db.com/exploits/26723
• http://pridels0.blogspot.com/2005/12/relative-real-estate-systems-sql-inj.html
• http://secunia.com/advisories/17846
• http://www.osvdb.org/21432
• http://www.securityfocus.com/bid/15714
• http://www.vupen.com/english/advisories/2005/2723
• https://exchange.xforce.ibmcloud.com/vulnerabilities/23435