CVE-2007-1240 – Docebo CMS 3.0.x - '/modules/htmlframechat/index.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-1240
Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• https://www.exploit-db.com/exploits/29662
• https://www.exploit-db.com/exploits/29661
• http://downloads.securityfocus.com/vulnerabilities/exploits/22719.html
• http://osvdb.org/35995
• http://osvdb.org/35996
• http://www.securityfocus.com/bid/22719
• https://exchange.xforce.ibmcloud.com/vulnerabilities/32842
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-6957
https://notcve.org/view.php?id=CVE-2006-6957
PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576 and CVE-2006-3107, but the vectors are different.
• http://archives.neohapsis.com/archives/bugtraq/2006-06/0109.html
• http://securityreason.com/securityalert/2194
• http://www.osvdb.org/26710
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2006-6963
https://notcve.org/view.php?id=CVE-2006-6963
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. NOTE: this issue may overlap CVE-2006-2577.
• http://archives.neohapsis.com/archives/bugtraq/2006-06/0116.html
• http://securityreason.com/securityalert/2188
• http://www.docebo.org/doceboCms/bugtracker/18_124/bugdetails/appid_1-bugid_154/bugtracker.html
• http://www.osvdb.org/26712
• http://www.osvdb.org/26713
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26633
CVE-2006-3107
https://notcve.org/view.php?id=CVE-2006-3107
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are different.
• http://securitytracker.com/id?1016259
• http://www.osvdb.org/26707
• http://www.osvdb.org/26708
• http://www.osvdb.org/26709
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26633
CVE-2006-2577 – Docebo 3.0.3 - Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2006-2577
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information.
• https://www.exploit-db.com/exploits/1817
• http://secunia.com/advisories/20260
• http://www.osvdb.org/25757
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26633