CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2011-3851 – News <= 0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3851
Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema News anteriores a v0.2 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro "cpage". • https://sitewat.ch/en/Advisories/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6540
https://notcve.org/view.php?id=CVE-2007-6540
SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/. Vulnerabilidad de injección SQL en neuron news 1.0, permite que atacantes remotos ejecuten comandos SQL de su elección a través del parámetro q de la la URI por defecto en patch/. • http://osvdb.org/39988 http://securityreason.com/securityalert/3489 http://www.securityfocus.com/archive/1/485176/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.1EPSS: 1%CPEs: 1EXPL: 2CVE-2006-3384
https://notcve.org/view.php?id=CVE-2006-3384
SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters. Vulnerabilidad de inyección SQL en divers.php en Vincent Leclercq News 5.2 permite a atacantes remotos ejecutar comandos SQL de su elección a través del (1) identificador y (2) parámetros de texto. • http://secunia.com/advisories/20936 http://www.acid-root.new.fr/advisories/news52.txt http://www.securityfocus.com/archive/1/438859/100/0/threaded http://www.securityfocus.com/bid/18775 http://www.vupen.com/english/advisories/2006/2642 https://exchange.xforce.ibmcloud.com/vulnerabilities/27504 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2006-3386
https://notcve.org/view.php?id=CVE-2006-3386
index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values. index.php en Vincent Leclercq News 5.2 permite a los atacantes remotos obtener información sensible, como la ruta de instalación, a través del parámetro mail[] con valores no válidos. • http://secunia.com/advisories/20936 http://www.acid-root.new.fr/advisories/news52.txt http://www.securityfocus.com/archive/1/438859/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/27506 •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 2CVE-2006-3385 – Vincent Leclercq News 5.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3385
Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en divers.php en Vincent Leclercq News v5.2 permite a atacantes remotos inyectar web script o HTML de su elección a través de los parámetros (1) id y (2) disabled. • https://www.exploit-db.com/exploits/28146 http://secunia.com/advisories/20936 http://www.acid-root.new.fr/advisories/news52.txt http://www.securityfocus.com/archive/1/438859/100/0/threaded http://www.securityfocus.com/bid/18775 http://www.vupen.com/english/advisories/2006/2642 https://exchange.xforce.ibmcloud.com/vulnerabilities/27505 •