CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-7001 – Creator CMS 5.0 - 'sideid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-7001
Unrestricted file upload vulnerability in the file manager in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad de subida de archivos sin restricción en el gestor de ficheros de Creative Mind Creator CMS v5.0, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • https://www.exploit-db.com/exploits/6405 https://exchange.xforce.ibmcloud.com/vulnerabilities/44982 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2009-2082
https://notcve.org/view.php?id=CVE-2009-2082
SQL injection vulnerability in insidepage.php in Creative Web Solutions Multi-Level CMS 1.21 allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en insidepage.php en Creative Web Solutions Multi-Level CMS v1.21 permite a atacantes remotos ejecutar comandos SQL de forma arbitraria a través del parámetro "catid". NOTA: algunos de estos detalles fueron obtenidos de terceras partes. • http://osvdb.org/54571 http://packetstorm.linuxsecurity.com/0905-exploits/creativecms-sql.txt http://secunia.com/advisories/35154 http://www.securityfocus.com/bid/35018 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-4377 – Creator CMS 5.0 - 'sideid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4377
SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter. Vulnerabilidad de inyección SQL en index.asp de Creative Mind Creator CMS 5.0 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro sideid. • https://www.exploit-db.com/exploits/6405 http://osvdb.org/47979 http://secunia.com/advisories/31819 http://securityreason.com/securityalert/4335 http://www.securityfocus.com/bid/31084 https://exchange.xforce.ibmcloud.com/vulnerabilities/44981 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 61%CPEs: 1EXPL: 2CVE-2008-0955 – Creative Software AutoUpdate Engine - ActiveX Control Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0955
Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value. Desbordamiento de búfer basado en pila en el Control Creative Software AutoUpdate Engine ActiveX en CTSUEng.ocx, permite a atacantes remotos ejecutar código de su elección a través de un valor largo en "CacheFolder". • https://www.exploit-db.com/exploits/16539 https://www.exploit-db.com/exploits/5681 http://secunia.com/advisories/30403 http://www.kb.cert.org/vuls/id/501843 http://www.securityfocus.com/bid/29391 http://www.vupen.com/english/advisories/2008/1668 https://exchange.xforce.ibmcloud.com/vulnerabilities/42673 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 14%CPEs: 1EXPL: 1CVE-2007-2569 – Friendly 1.0d1 - 'friendly_path' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-2569
Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/. Múltiples vulnerabilidades de inclusión remota de archivo en PHP en el Friendly 1.0d1 y versiones anteriores permiten a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro friendly_path del (1) core/data/yaml.inc.php o _load.php en (2) core/data/, (3) core/display/ o (4) core/support/. • https://www.exploit-db.com/exploits/3864 http://osvdb.org/37657 http://osvdb.org/37658 http://osvdb.org/37659 http://osvdb.org/37660 http://www.vupen.com/english/advisories/2007/1679 https://exchange.xforce.ibmcloud.com/vulnerabilities/34099 •