CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39040
https://notcve.org/view.php?id=CVE-2023-39040
18 Sep 2023 — An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Una fuga de información en Cheese Cafe Line v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes manipulados. • http://cheese.com • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39039
https://notcve.org/view.php?id=CVE-2023-39039
18 Sep 2023 — An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Una fuga de información en Camp Style Project Line v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes manipulados. • http://camp.com • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28993 – WordPress Albo Pretorio Online Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-28993
03 Apr 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions. The Albo Pretorio Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Ente' parameter in versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Unauth. • https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28750 – WordPress Albo Pretorio Online Plugin <= 4.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-28750
27 Mar 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6 versions. The Albo Pretorio Online plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘Errore’ parameter in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Unauth. • https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2008-0184 – SysHotel On Line System - 'index.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-0184
09 Jan 2008 — Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter. Vulnerabilidad de salto de directorio en index.php de Sys-Hotel on Line System, permite que atacantes remotos lean ficheros arbitrariamente usando un "/" ("%2F") codificado en el parámetro file. • https://www.exploit-db.com/exploits/31000 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3046
https://notcve.org/view.php?id=CVE-2007-3046
05 Jun 2007 — Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer en Advanced Software Production Line Vortex Library anterior a 1.0.3 permite a atacantes remotos provocar una denegación de servicio (caída del oyente - listener -) a través de... • http://lists.aspl.es/pipermail/vortex/2007-May/000152.html •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2007-1339 – Links Management Application 1.0 - 'lcnt' SQL Injection
https://notcve.org/view.php?id=CVE-2007-1339
08 Mar 2007 — SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter. Vulnerabilidad de inyección SQL en el index.php del Links Management Application 1.0 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro lcnt. • https://www.exploit-db.com/exploits/3416 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2006-0906 – D3Jeeb Pro 3 - 'catogary.php?catid' SQL Injection
https://notcve.org/view.php?id=CVE-2006-0906
28 Feb 2006 — SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to execute arbitrary SQL commands via the catid parameter in (1) fastlinks.php and (2) catogary.php. • https://www.exploit-db.com/exploits/27328 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2006-0196
https://notcve.org/view.php?id=CVE-2006-0196
13 Jan 2006 — Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow. • http://secunia.com/advisories/18497 •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 0CVE-2005-3092
https://notcve.org/view.php?id=CVE-2005-3092
28 Sep 2005 — Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 allows remote attackers to execute arbitrary code via a .flp file that contains a long path to a (1) .mid or (2) .wav file. • http://marc.info/?l=bugtraq&m=112776577002945&w=2 •