CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12622
https://notcve.org/view.php?id=CVE-2018-12622
An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter. Se detectó un problema en Eventum versión 3.5.0. El archivo htdocs/ajax/update.php presenta un problema de tipo XSS por medio del parámetro field_name. • https://github.com/eventum/eventum/blob/master/CHANGELOG.md https://github.com/eventum/eventum/releases/tag/v3.5.2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16761
https://notcve.org/view.php?id=CVE-2018-16761
Eventum before 3.4.0 has an open redirect vulnerability. Eventum, en versiones anteriores a la 3.4.0, tiene una vulnerabilidad de redirección abierta. • https://github.com/eventum/eventum/releases/tag/v3.4.0 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 5CVE-2014-1631 – Eventum - Insecure File Permissions
https://notcve.org/view.php?id=CVE-2014-1631
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. Eventum, en versiones anteriores a la 2.3.5 permite que atacantes remotos reinstalen la aplicación mediante una petición directa en /setup/index.php. Eventum version 2.3.4 suffers from incorrect default permission and code injection vulnerabilities. • https://www.exploit-db.com/exploits/39065 https://www.exploit-db.com/exploits/39066 http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4666 http://www.securityfocus.com/archive/1/530891/100/0/threaded https://bugs.launchpad.net/eventum/+bug/1271499 https://www.htbridge.com/advisory/HTB23198 • CWE-275: Permission Issues •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 4CVE-2014-1632 – Eventum 2.3.4 - 'hostname' Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-1632
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. htdocs/setup/index.php en Eventum, en versiones anteriores a la 2.3.5, permite que atacantes remotos inyecten y ejecuten código PHP arbitrario mediante el parámetro hostname. Eventum version 2.3.4 suffers from incorrect default permission and code injection vulnerabilities. • https://www.exploit-db.com/exploits/39066 http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665 http://www.securityfocus.com/archive/1/530891/100/0/threaded https://bugs.launchpad.net/eventum/+bug/1271499 https://www.htbridge.com/advisory/HTB23198 • CWE-275: Permission Issues •
CVSS: 5.8EPSS: 1%CPEs: 8EXPL: 9CVE-2005-2467 – MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-2467
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php. • https://www.exploit-db.com/exploits/26056 https://www.exploit-db.com/exploits/26057 https://www.exploit-db.com/exploits/26058 http://lists.mysql.com/eventum-users/2072 http://marc.info/?l=bugtraq&m=112292193807958&w=2 http://secunia.com/advisories/16304 http://securitytracker.com/id?1014603 http://www.gulftech.org/?node=research&article_id=00093-07312005 http://www.osvdb.org/18400 http://www.osvdb.org/18401 http://www.osvdb.org/18402 http://www.securityfoc •