Page 4 of 20 results (0.014 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) del archivo edit/showmedia.asp del programa doITLive CMS 2.5 y anteriores, que permiten a atacantes remotos injectar arbitrariamente secuencia de comandos web o código HTML a través del archivo de parámetros. • https://www.exploit-db.com/exploits/5849 http://secunia.com/advisories/30705 http://www.bugreport.ir/?/43 http://www.securityfocus.com/bid/29789 https://exchange.xforce.ibmcloud.com/vulnerabilities/43164 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. Vulnerabilidad de Inyección SQL en index.php de Danneo CMS 0.5.1 y versiones anteriores, cuando la opción Referers statistics está activada, permite a atacantes remotos ejecutar comandos SQL de su elección mediante la cabecera HTTP Referer. • https://www.exploit-db.com/exploits/5239 https://exchange.xforce.ibmcloud.com/vulnerabilities/41153 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 1

PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. Vulnerabilidad de inclusión remota de archivo en PHP en frontpage.php de Uberghey CMS 0.3.1 permite a atacantes remotos ejecutar código PHP de su elección a través del parámetro setup_folder. • https://www.exploit-db.com/exploits/3147 http://www.attrition.org/pipermail/vim/2007-January/001247.html http://www.securityfocus.com/bid/22098 http://www.vupen.com/english/advisories/2007/0230 https://exchange.xforce.ibmcloud.com/vulnerabilities/31553 •

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 3

PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php en WEBInsta CMS 0.3.1 y posiblemente anteriores permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro templates_dir. • https://www.exploit-db.com/exploits/2175 http://advisories.echo.or.id/adv/adv45-K-159-2006.txt http://my.opera.com/atomo64/blog/show.dml/443167 http://secunia.com/advisories/21463 http://securityreason.com/securityalert/1400 http://www.securityfocus.com/archive/1/443154/100/0/threaded http://www.securityfocus.com/archive/1/445083/100/0/threaded http://www.securityfocus.com/bid/19489 http://www.vupen.com/english/advisories/2006/3276 https://exchange.xforce.ibmcloud.c •

CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 2

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php. • https://www.exploit-db.com/exploits/1605 http://secunia.com/advisories/19353 http://www.attrition.org/pipermail/vim/2006-March/000649.html http://www.osvdb.org/24058 http://www.osvdb.org/24059 http://www.securityfocus.com/bid/17209 http://www.vupen.com/english/advisories/2006/1052 http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10 https://exchange.xforce.ibmcloud.com/vulnerabilities/25399 • CWE-94: Improper Control of Generation of Code ('Code Injection') •