CVE-2014-1631 – Eventum - Insecure File Permissions
https://notcve.org/view.php?id=CVE-2014-1631
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. Eventum version 2.3.4 suffers from incorrect default permission and code injection vulnerabilities. • https://www.exploit-db.com/exploits/39065 https://www.exploit-db.com/exploits/39066 http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4666 http://www.securityfocus.com/archive/1/530891/100/0/threaded https://bugs.launchpad.net/eventum/+bug/1271499 https://www.htbridge.com/advisory/HTB23198 • CWE-275: Permission Issues •
CVE-2014-1632 – Eventum 2.3.4 - 'hostname' Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-1632
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. Eventum version 2.3.4 suffers from incorrect default permission and code injection vulnerabilities. • https://www.exploit-db.com/exploits/39066 http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665 http://www.securityfocus.com/archive/1/530891/100/0/threaded https://bugs.launchpad.net/eventum/+bug/1271499 https://www.htbridge.com/advisory/HTB23198 • CWE-275: Permission Issues •
CVE-2005-2467 – MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-2467
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php. • https://www.exploit-db.com/exploits/26056 https://www.exploit-db.com/exploits/26057 https://www.exploit-db.com/exploits/26058 http://lists.mysql.com/eventum-users/2072 http://marc.info/?l=bugtraq&m=112292193807958&w=2 http://secunia.com/advisories/16304 http://securitytracker.com/id?1014603 http://www.gulftech.org/?node=research&article_id=00093-07312005 http://www.osvdb.org/18400 http://www.osvdb.org/18401 http://www.osvdb.org/18402 http://www.securityfoc •
CVE-2005-2468 – MySQL Eventum 1.5.5 - 'login.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-2468
Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php. • https://www.exploit-db.com/exploits/1134 http://lists.mysql.com/eventum-users/2072 http://marc.info/?l=bugtraq&m=112292193807958&w=2 http://secunia.com/advisories/16304 http://securitytracker.com/id?1014603 http://www.gulftech.org/?node=research&article_id=00093-07312005 http://www.osvdb.org/18403 http://www.osvdb.org/18404 http://www.osvdb.org/18405 http://www.osvdb.org/18406 http://www.securityfocus.com/bid/14437 http://www.vupen.com/english/advisories& •