
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action.
• https://www.exploit-db.com/exploits/8917 http://www.exploit-db.com/exploits/8917
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action.
• https://www.exploit-db.com/exploits/8917 http://secunia.com/advisories/35350 https://exchange.xforce.ibmcloud.com/vulnerabilities/51029
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 1% | CPEs: 1 | EXPL: 2

The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter.
• https://www.exploit-db.com/exploits/29047 http://marc.info/?l=bugtraq&m=116370290529916&w=2 http://marc.info/?l=bugtraq&m=116373064308228&w=2 http://secunia.com/advisories/22970 http://www.securityfocus.com/bid/21112 http://www.vupen.com/english/advisories/2006/4585 https://exchange.xforce.ibmcloud.com/vulnerabilities/30340
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor