CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6589
https://notcve.org/view.php?id=CVE-2008-6589
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en LightNEasy "no database" (también conocido como flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de modo arbitrario a través del parámetro "page" en (1) index.php y (2) LightNEasy.php. • http://secunia.com/advisories/29833 http://www.osvdb.org/44676 http://www.osvdb.org/44677 http://www.securityfocus.com/archive/1/491064/100/0/threaded http://www.securityfocus.com/bid/28839 https://exchange.xforce.ibmcloud.com/vulnerabilities/41888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2008-0516
https://notcve.org/view.php?id=CVE-2008-0516
PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in SQLiteManager 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de inclusión de archivo PHP remoto spaw/dialogs/confirm.php en SQLiteManager 1.2.0. Permite a atacantes remotos ejecutar código PHP arbitrario a través una URL en el parámetro spaw_root. NOTA: el origen de esta información es desconocido; los detalles se han obtenido solamente de información de terceros. • http://secunia.com/advisories/28642 http://www.securityfocus.com/bid/27515 https://exchange.xforce.ibmcloud.com/vulnerabilities/40065 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 13%CPEs: 1EXPL: 1CVE-2007-1232 – SQLiteManager 1.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2007-1232
Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie. Vulnerabilidad de escalado de directorio en SQLiteManager 1.2.0 permite a atacantes remotos leer ficheros de su elección mediante un .. (punto punto) en una cookie SQLiteManager_currentTheme. • https://www.exploit-db.com/exploits/29665 http://osvdb.org/33801 http://secunia.com/advisories/24296 http://securityreason.com/securityalert/2366 http://www.securityfocus.com/archive/1/461304/100/0/threaded http://www.securityfocus.com/bid/22727 https://exchange.xforce.ibmcloud.com/vulnerabilities/32693 •