CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors. • http://jvn.jp/en/jp/JVN27978559/index.html •

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/functions_feeds.php and certain other files. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/pixelpost_v1.7.3 http://www.openwall.com/lists/oss-security/2011/06/27/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 3

Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action. • https://www.exploit-db.com/exploits/16160 http://www.exploit-db.com/exploits/16160 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4992.php https://exchange.xforce.ibmcloud.com/vulnerabilities/65474 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8 | EPSS: 1% | CPEs: 10 | EXPL: 2

Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter. • https://www.exploit-db.com/exploits/6150 http://secunia.com/advisories/31239 http://securityreason.com/securityalert/4062 http://www.pixelpost.org/blog/2008/07/27/pixelpost-171-security-patch http://www.securityfocus.com/archive/1/494817/100/0/threaded http://www.securityfocus.com/bid/30397 http://www.vupen.com/english/advisories/2008/2207/references https://exchange.xforce.ibmcloud.com/vulnerabilities/44031 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter. • https://www.exploit-db.com/exploits/4924 http://secunia.com/advisories/28499 http://www.pixelpost.org/forum/showthread.php?t=7716 http://www.securityfocus.com/bid/27242 http://www.securitytracker.com/id?1019238 https://exchange.xforce.ibmcloud.com/vulnerabilities/39721 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •