Page 2 of 13 results (0.002 seconds)

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2008-5942

https://notcve.org/view.php?id=CVE-2008-5942

Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MODx anterior a v0.9.6.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores relacionados con (1) la función preserveUrls y (2) "entrada de nombre de usuario." NOTA: el vector 2 puede estar relacionado con CVE-2008-5939. • http://jvn.jp/en/jp/JVN10170564/index.html http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000003.html http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt http://www.securityfocus.com/bid/33184 https://exchange.xforce.ibmcloud.com/vulnerabilities/48184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2008-5940

https://notcve.org/view.php?id=CVE-2008-5940

SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en index.php en MODx v0.9.6.2 y versiones anteriores, cuando magic_quotes_gpc no está activo, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "searchid". NOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros. • http://jvn.jp/en/jp/JVN72630020/index.html http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000005.html http://secunia.com/advisories/33405 http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt http://www.securityfocus.com/bid/33182 https://exchange.xforce.ibmcloud.com/vulnerabilities/47840 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.0EPSS: 0%CPEs: 6EXPL: 0

CVE-2008-5941

https://notcve.org/view.php?id=CVE-2008-5941

Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en MODx 0.9.6.1p2 y anteriores permite a atacantes remotos realizar acciones no autorizadas como otros usuarios mediante vectores desconocidos. • http://jvn.jp/en/jp/JVN66828183/index.html http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000004.html http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 4

CVE-2008-0094 – MODx 0.9.6.1 - 'AjaxSearch.php' Local File Inclusion

https://notcve.org/view.php?id=CVE-2008-0094

Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php. Múltiples vulnerabilidades de salto de directorio en MODx Content Management System 0.9.6.1 permiten a atacantes remotos (1) incluir y ejecutar ficheros locales de su elección mediante un .. (punto punto) en el parámetro as_language en assets/snippets/AjaxSearch/AjaxSearch.php, alcanzado a través de index-ajax.php; y (2) leer ficheros locales de su elección mediante un .. • https://www.exploit-db.com/exploits/30969 https://www.exploit-db.com/exploits/30968 http://modxcms.com/forums/index.php/topic%2C21290.0.html http://secunia.com/advisories/28220 http://securityreason.com/securityalert/3522 http://www.securityfocus.com/archive/1/485707/100/0/threaded http://www.securityfocus.com/bid/27096 http://www.securityfocus.com/bid/27097 https://exchange.xforce.ibmcloud.com/vulnerabilities/39352 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2007-5371

https://notcve.org/view.php?id=CVE-2007-5371

Multiple SQL injection vulnerabilities in mutate_content.dynamic.php in MODx 0.9.6 allow remote attackers to execute arbitrary SQL commands via the (1) documentDirty or (2) modVariables parameter. Múltiples vulnerabilidades de inyección SQL en mutate_content.dynamic.php de MODx 0.9.6 permiten a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) documentDirty o (2) modVariables. • http://osvdb.org/38584 http://securityreason.com/securityalert/3215 http://www.securityfocus.com/archive/1/481870/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •