CVE-2007-1898 – Jetbox CMS 2.1 Email - 'FormMail.php' Input Validation
https://notcve.org/view.php?id=CVE-2007-1898
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. formmail.php en Jetbox CMS 2.1 permite a atacantes remotos envíar e-mails de su elección a través de recipientes modificados, a través de los parámetros _SETTINGS[allowed_email_hosts][], y subject. Jetbox CMS version 2.1 suffers from an e-mail injection vulnerability that allows for spamming. • https://www.exploit-db.com/exploits/30040 http://securityreason.com/securityalert/2710 http://www.netvigilance.com/advisory0026 http://www.osvdb.org/34088 http://www.securityfocus.com/archive/1/468644/100/0/threaded http://www.securityfocus.com/bid/23989 http://www.securitytracker.com/id?1018063 http://www.vupen.com/english/advisories/2007/1831 https://exchange.xforce.ibmcloud.com/vulnerabilities/34292 •
CVE-2007-2732 – Jetbox CMS 2.1 - '/view/search/?path' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2732
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Jetbox CMS permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) path en view/search/; o el parámetro (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, o (9) title en view/supplynews/. • https://www.exploit-db.com/exploits/30041 https://www.exploit-db.com/exploits/30042 http://osvdb.org/37451 http://osvdb.org/37452 http://securityreason.com/securityalert/2711 http://www.securityfocus.com/archive/1/468681/100/0/threaded http://www.securityfocus.com/bid/23999 http://www.vupen.com/english/advisories/2007/1831 •
CVE-2007-2733
https://notcve.org/view.php?id=CVE-2007-2733
Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448. Vulnerabilidad de envío de archivo no restringido en Jetbox CMS permite a usuarios autenticados remotamente con privilegios de autor enviar secuencias de comandos de su elección mediante vectores no especificados, los cuales pueden ser accedidos en webfiles/. NOTA: este problema podría ser un duplicado de CVE-2004-1448. • http://osvdb.org/37450 http://securityreason.com/securityalert/2711 http://www.securityfocus.com/archive/1/468681/100/0/threaded http://www.securityfocus.com/bid/23996 •
CVE-2007-2731
https://notcve.org/view.php?id=CVE-2007-2731
CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898. Vulnerabilidad de inyección CRLF en formmail.php en Jetbox CMS 2.1 podría permitir a atacantes remotos inyectar cabeceras de e-mail de su elección a través de secuencias LF(%0A) en el parámetro subject, un asunto relacionado con CVE-2007-1898. • http://securityreason.com/securityalert/2710 http://www.netvigilance.com/advisory0026 http://www.osvdb.org/34088 http://www.securityfocus.com/archive/1/468644/100/0/threaded http://www.securityfocus.com/bid/23989 http://www.securitytracker.com/id?1018063 http://www.vupen.com/english/advisories/2007/1831 https://exchange.xforce.ibmcloud.com/vulnerabilities/34292 •
CVE-2006-4738
https://notcve.org/view.php?id=CVE-2006-4738
PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270. Vulnerabilidad PHP de inclusión remota de archivo en phpthumb.php en Jetbox CMS permite a un atacante remoto ejecutar código PHP de su elección a través de una URL con el parámetro includes_path. NOTA: el vector relative_script_path está incluido por CVE-2006-2270. • http://securityreason.com/securityalert/1562 http://www.securityfocus.com/archive/1/445652/100/0/threaded http://www.securityfocus.com/bid/19303 https://exchange.xforce.ibmcloud.com/vulnerabilities/28843 •