CVE-2014-3448 – BSS Continuity CMS 4.2.22640.0 Code Execution
https://notcve.org/view.php?id=CVE-2014-3448
BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload. BSS Continuity CMS version 4.2.22640.0 suffers from a remote code execution vulnerability via an unauthenticated file upload.
• http://packetstormsecurity.com/files/126740/BSS-Continuity-CMS-4.2.22640.0-Code-Execution.html http://seclists.org/fulldisclosure/2014/May/85
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2014-3449 – BSS Continuity CMS 4.2.22640.0 Authentication Bypass
https://notcve.org/view.php?id=CVE-2014-3449
BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability. BSS Continuity CMS version 4.2.22640.0 suffers from a direct access bypass vulnerability.
• http://packetstormsecurity.com/files/126739/BSS-Continuity-CMS-4.2.22640.0-Authentication-Bypass.html http://seclists.org/fulldisclosure/2014/May/84
• CWE-306: Missing Authentication for Critical Function
CVE-2013-0803 – PolarPearCMS - Arbitrary '.PHP' File Upload
https://notcve.org/view.php?id=CVE-2013-0803
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.
• https://www.exploit-db.com/exploits/24549 http://www.exploit-db.com/exploits/24549 https://exchange.xforce.ibmcloud.com/vulnerabilities/82378 https://packetstormsecurity.com/files/cve/CVE-2013-0803
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2012-6500 – Pragyan CMS 3.0 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2012-6500
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.
• https://www.exploit-db.com/exploits/18347 http://www.exploit-db.com/exploits/18347 http://www.osvdb.org/82585 http://www.securityfocus.com/bid/51360
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-4901 – Template CMS 2.1.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4901
Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php. Template CMS version 2.1.1 suffers from cross-site request forgery and cross-site scripting vulnerabilities.
• https://www.exploit-db.com/exploits/21742 http://osvdb.org/85895 http://www.securityfocus.com/bid/55766 https://www.htbridge.com/advisory/HTB23115
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')