
CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 3

Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page.

• https://www.exploit-db.com/exploits/4713
• http://aluigi.altervista.org/adv/barradrive-adv.txt
• http://secunia.com/advisories/28032
• http://securityreason.com/securityalert/3434
• http://www.securityfocus.com/archive/1/484833/100/0/threaded
• http://www.securityfocus.com/bid/26805
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 3

Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.

• https://www.exploit-db.com/exploits/4713
• http://aluigi.altervista.org/adv/barradrive-adv.txt
• http://secunia.com/advisories/28032
• http://securityreason.com/securityalert/3434
• http://www.securityfocus.com/archive/1/484833/100/0/threaded
• http://www.securityfocus.com/bid/26805
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 15% | CPEs: 1 | EXPL: 2

PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter.

• https://www.exploit-db.com/exploits/4055
• http://osvdb.org/36890
• http://secunia.com/advisories/25615
• http://www.securityfocus.com/bid/24399
• http://www.vupen.com/english/advisories/2007/2168
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34790

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls parameter.

• https://www.exploit-db.com/exploits/26723
• http://pridels0.blogspot.com/2005/12/relative-real-estate-systems-sql-inj.html
• http://secunia.com/advisories/17846
• http://www.osvdb.org/21432
• http://www.securityfocus.com/bid/15714
• http://www.vupen.com/english/advisories/2005/2723
• https://exchange.xforce.ibmcloud.com/vulnerabilities/23435

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple unknown vulnerabilities in Real Estate Management Software 1.0 have unknown impact and attack vectors.

• http://archives.neohapsis.com/archives/apps/freshmeat/2004-09/0030.html
• http://secunia.com/advisories/12721
• http://www.osvdb.org/10480
• http://www.securityfocus.com/bid/11304
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17598