
CVE-2012-4902 – Template CMS 2.1.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4902
20 May 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php. • https://www.exploit-db.com/exploits/21742 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2015-1603
https://notcve.org/view.php?id=CVE-2015-1603
19 Feb 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id parameter in a users_users action to asys/site/system.php. • http://packetstormsecurity.com/files/130394/Landsknecht-Adminsystems-CMS-4.0.1-CSRF-XSS-File-Upload.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-1604
https://notcve.org/view.php?id=CVE-2015-1604
19 Feb 2015 — Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/. • http://packetstormsecurity.com/files/130394/Landsknecht-Adminsystems-CMS-4.0.1-CSRF-XSS-File-Upload.html • CWE-20: Improper Input Validation •

CVE-2015-1471 – Pragyan CMS 3.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-1471
12 Feb 2015 — SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI. • https://www.exploit-db.com/exploits/35991 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2014-9185 – Morfy CMS 1.05 Remote Command Execution
https://notcve.org/view.php?id=CVE-2014-9185
17 Dec 2014 — Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter. Morfy CMS version 1.05 suffers from a remote command execution vulnerability. • https://packetstorm.news/files/id/129624 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2014-3447 – BSS Continuity CMS 4.2.22640.0 Denial of Service
https://notcve.org/view.php?id=CVE-2014-3447
21 May 2014 — BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability. BSS Continuity CMS version 4.2.22640.0 suffers from a denial of service vulnerability. • http://seclists.org/fulldisclosure/2014/May/86 • CWE-400: Uncontrolled Resource Consumption •

CVE-2014-3448 – BSS Continuity CMS 4.2.22640.0 Code Execution
https://notcve.org/view.php?id=CVE-2014-3448
21 May 2014 — BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload. BSS Continuity CMS version 4.2.22640.0 suffers from a remote code execution vulnerability via an unauthenticated file upload. • https://packetstorm.news/files/id/126740 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2014-3449 – BSS Continuity CMS 4.2.22640.0 Authentication Bypass
https://notcve.org/view.php?id=CVE-2014-3449
21 May 2014 — BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability. BSS Continuity CMS version 4.2.22640.0 suffers from a direct access bypass vulnerability. • https://packetstorm.news/files/id/126739 • CWE-306: Missing Authentication for Critical Function •

CVE-2012-6500 – Pragyan CMS 3.0 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2012-6500
12 Jan 2013 — Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php. • https://www.exploit-db.com/exploits/18347 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2012-1834 – CMS Tree Page View < 0.8.9 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-1834
26 Mar 2012 — Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php. • http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •