Page 2 of 17 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2012-5892

https://notcve.org/view.php?id=CVE-2012-5892

17 Nov 2012 — Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct request for data/havalite.db3. Havalite CMS v1.1.0 y anteriores almacena la información sensible bajo la raíz web con un control de acceso insuficiente, lo que permite a atacantes remotos descargar la base de datos de configuración a través de una petición directa a data/havalite.db3. • http://osvdb.org/80770 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1

CVE-2012-5893

https://notcve.org/view.php?id=CVE-2012-5893

17 Nov 2012 — Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it via a direct request to the file in tmp/files/. Una vulnerabilidad de subida de archivos sin restricciones en hava_upload.php en Havalite CMS v1.1.0 y anteriores permite a atacantes remotos ejecutar código de su elección mediante la carga de un archivo con una extensión php, o gif, para luego acceder al... • http://osvdb.org/80768 •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2012-5894 – Havalite CMS 1.0.4 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2012-5894

17 Nov 2012 — SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter. Vulnerabilidad de inyección SQL en hava_post.php en Havalite CMS v1.1.0 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro postid. • https://www.exploit-db.com/exploits/18772 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 2

CVE-2009-2163 – Sitecore CMS 6.0.0 rev. 090120 - 'default.aspx' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2009-2163

22 Jun 2009 — Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Sitecore CMS versiones anteriores a v6.0.2 Update-1 090507 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro "sc_error". • https://www.exploit-db.com/exploits/34930 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 9%CPEs: 14EXPL: 0

CVE-2009-0584 – argyllcms: Multiple insufficient upper-bounds checks on certain sizes in the International Color Consortium Format Library

https://notcve.org/view.php?id=CVE-2009-0584

23 Mar 2009 — icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. icc.c, pertenec... • http://bugs.gentoo.org/show_bug.cgi?id=261087 • CWE-189: Numeric Errors •

CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2

CVE-2008-2842 – doITlive CMS 2.50 - SQL Injection / Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2008-2842

25 Jun 2008 — Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) del archivo edit/showmedia.asp del programa doITLive CMS 2.5 y anteriores, que permiten a atacantes remotos injectar arbitrariamente secuencia de comandos web o código HTML a través del archivo de parámetros. • https://www.exploit-db.com/exploits/5849 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3

CVE-2008-2843 – doITlive CMS 2.50 - SQL Injection / Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2008-2843

25 Jun 2008 — Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp. Múltiples vulnerabilidades de inyección SQL en doITLive CMS 2.50 y versiones anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro (1) ID en una ación USUB a default.asp y el (2) Licence[Specia... • https://www.exploit-db.com/exploits/5849 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •