CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6590 – LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6590
Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php. Múltiples vulnerabilidades de salto de directorio en LightNEasy "no database" (también conocido como flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos leer fichero de modo arbitrario a través de ..(punto punto) en el parámetro "page" en (1) index.php y (2) LightNEasy.php. • https://www.exploit-db.com/exploits/5452 http://secunia.com/advisories/29833 http://www.osvdb.org/44672 http://www.osvdb.org/44673 http://www.securityfocus.com/archive/1/491064/100/0/threaded http://www.securityfocus.com/bid/28839 https://exchange.xforce.ibmcloud.com/vulnerabilities/41889 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6589
https://notcve.org/view.php?id=CVE-2008-6589
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en LightNEasy "no database" (también conocido como flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de modo arbitrario a través del parámetro "page" en (1) index.php y (2) LightNEasy.php. • http://secunia.com/advisories/29833 http://www.osvdb.org/44676 http://www.osvdb.org/44677 http://www.securityfocus.com/archive/1/491064/100/0/threaded http://www.securityfocus.com/bid/28839 https://exchange.xforce.ibmcloud.com/vulnerabilities/41888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •