CVE-2007-6221 – TuMusika Evolution 1.7R5 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2007-6221
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• https://www.exploit-db.com/exploits/4674 http://secunia.com/advisories/27866 https://exchange.xforce.ibmcloud.com/vulnerabilities/38724
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-6188 – TuMusika Evolution 1.7R5 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2007-6188
Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php.
• https://www.exploit-db.com/exploits/4674 http://osvdb.org/42450 http://osvdb.org/42451 http://osvdb.org/42452 http://osvdb.org/42453 http://secunia.com/advisories/27866 http://www.securityfocus.com/bid/26631 http://www.securityfocus.com/bid/26632 https://exchange.xforce.ibmcloud.com/vulnerabilities/38719 https://exchange.xforce.ibmcloud.com/vulnerabilities/38720
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-2090 – TuMusika Evolution 1.6 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2090
Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
• https://www.exploit-db.com/exploits/29848 http://secunia.com/advisories/24874 http://securityreason.com/securityalert/2585 http://www.securityfocus.com/archive/1/465515/100/0/threaded http://www.vupen.com/english/advisories/2007/1374 https://exchange.xforce.ibmcloud.com/vulnerabilities/33593
CVE-2006-5090 – Phoenix Evolution CMS - '/modules/pageedit/index.php?pageid' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5090
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
• https://www.exploit-db.com/exploits/28693 https://www.exploit-db.com/exploits/28692 http://osvdb.org/33676 http://osvdb.org/33677 http://www.securityfocus.com/bid/20212
CVE-2002-2249 – News Evolution 1.0/2.0 - Include Undefined Variable Command Execution
https://notcve.org/view.php?id=CVE-2002-2249
PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php.
• https://www.exploit-db.com/exploits/22048 http://marc.info/?l=bugtraq&m=103835200230127&w=2 http://www.securityfocus.com/bid/6260 https://exchange.xforce.ibmcloud.com/vulnerabilities/10709
• CWE-94: Improper Control of Generation of Code ('Code Injection')