CVE-2008-0574 – webSPELL 4.1.2 - 'whoisonline.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0574
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action.
• https://www.exploit-db.com/exploits/31079
• http://secunia.com/advisories/28684
• http://securityreason.com/securityalert/3606
• http://www.securityfocus.com/archive/1/487312/100/0/threaded
• http://www.securityfocus.com/bid/27517
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40084
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-6309 – webSPELL 4.1.2 - 'calendar.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6309
Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action.
• https://www.exploit-db.com/exploits/30858
• https://www.exploit-db.com/exploits/30857
• http://secunia.com/advisories/28006
• http://securityreason.com/securityalert/3429
• http://www.securityfocus.com/archive/1/484795/100/0/threaded
• http://www.securityfocus.com/bid/26787
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38955
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38957
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-4028
https://notcve.org/view.php?id=CVE-2007-4028
Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information.
• http://osvdb.org/37516
• http://secunia.com/advisories/26172
• http://securityreason.com/securityalert/2927
• http://www.securityfocus.com/archive/1/474416/100/0/threaded
• http://www.securityfocus.com/bid/25012
CVE-2007-2368 – WebSPELL 4.01.02 - 'picture.php' File Disclosure
https://notcve.org/view.php?id=CVE-2007-2368
picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter.
• https://www.exploit-db.com/exploits/3673
• http://www.vupen.com/english/advisories/2007/1274
CVE-2007-2369 – WebSPELL 4.01.02 - 'picture.php' File Disclosure
https://notcve.org/view.php?id=CVE-2007-2369
Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
• https://www.exploit-db.com/exploits/3673
• http://osvdb.org/34638
• http://www.vupen.com/english/advisories/2007/1274