CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2007-6603 – Hot or Not Clone by Jnshosts.com - Database Backup Dump
https://notcve.org/view.php?id=CVE-2007-6603
Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via a direct request to control/downloadfile.php. Hot or Not Clone tiene control de acceso insuficiente para producir y leer copias de seguridad de la base de datos, lo cual permite a atacantes remotos obtener el nombre de usuario y la contraseña del administrador mediante una petición directa de control/backup/backup.php, lo cual genera un archivo backup/dump/backup.sql que puede ser descargado mediante una petición directa de control/downloadfile.php. • https://www.exploit-db.com/exploits/4804 http://osvdb.org/40572 http://secunia.com/advisories/28261 https://exchange.xforce.ibmcloud.com/vulnerabilities/39344 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-6084 – HotScripts Clone Script - SQL Injection
https://notcve.org/view.php?id=CVE-2007-6084
SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en software-description.php de HotScripts Clone Script permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro id. • https://www.exploit-db.com/exploits/4633 http://www.securityfocus.com/bid/26485 https://exchange.xforce.ibmcloud.com/vulnerabilities/38554 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4371
https://notcve.org/view.php?id=CVE-2007-4371
Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/. Vulnerabilidad de subida de fichero no restringida en admin/pages/blog-add.php de Neuron Blog 1.1 permite a atacantes remotos subir y ejecutar ficheros PHP de su elección en uploads/. • http://osvdb.org/39602 http://securityreason.com/securityalert/3016 http://www.securityfocus.com/archive/1/476281/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/35982 •