NotCVE - vendor:"Modxcms" product:"Modxcms" version:" <= 0.9.2.1"

Page 2 of 9 results (0.007 seconds)

CVSS: 6.0EPSS: 0%CPEs: 6EXPL: 0

CVE-2008-5941

https://notcve.org/view.php?id=CVE-2008-5941

Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en MODx 0.9.6.1p2 y anteriores permite a atacantes remotos realizar acciones no autorizadas como otros usuarios mediante vectores desconocidos. • http://jvn.jp/en/jp/JVN66828183/index.html http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000004.html http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.1EPSS: 10%CPEs: 2EXPL: 2

CVE-2006-5730 – MODx CMS 0.9.2.1 - 'FCKeditor' Remote File Inclusion

https://notcve.org/view.php?id=CVE-2006-5730

PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor. Vulnerabilidad de inclusión remota de archivo en PHP en manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php en Modx CMS 0.9.2.1 y anteriores permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro base_path. NOTA: es posible que esta sea una vulnerabilidad en FCKeditor. • https://www.exploit-db.com/exploits/2706 http://secunia.com/advisories/22675 http://www.osvdb.org/30186 http://www.securityfocus.com/bid/20898 http://www.vupen.com/english/advisories/2006/4346 https://exchange.xforce.ibmcloud.com/vulnerabilities/29989 •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2006-1820 – MODx CMS 0.9.1 - 'index.php' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2006-1820

Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability. • https://www.exploit-db.com/exploits/27648 http://secunia.com/advisories/19645 http://securitytracker.com/id?1015940 http://www.securityfocus.com/archive/1/431010/100/0/threaded http://www.securityfocus.com/bid/17533 http://www.vupen.com/english/advisories/2006/1383 https://exchange.xforce.ibmcloud.com/vulnerabilities/25894 •

CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 1

CVE-2006-1821 – MODx CMS 0.9.1 - 'index.php' Directory Traversal

https://notcve.org/view.php?id=CVE-2006-1821

Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter. • https://www.exploit-db.com/exploits/27649 http://secunia.com/advisories/19645 http://securitytracker.com/id?1015940 http://www.securityfocus.com/archive/1/431010/100/0/threaded http://www.securityfocus.com/bid/17533 http://www.vupen.com/english/advisories/2006/1383 https://exchange.xforce.ibmcloud.com/vulnerabilities/25895 •

1 2