Page 4 of 21 results (0.011 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php. Vulnerabilidad de inyección SQL en Jetbox CMS 2.1 permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) frontsession de la COOKIE y (2) view en index.php, y el parámetro (3) login en admin/cms/index.php. • http://secunia.com/advisories/20889 http://secunia.com/secunia_research/2006-57/advisory http://securityreason.com/securityalert/1339 http://www.securityfocus.com/archive/1/441980/100/0/threaded http://www.securityfocus.com/bid/19303 https://exchange.xforce.ibmcloud.com/vulnerabilities/28168 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and the (5) query_string parameter when performing a search. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Jetbox CMS2.1 SR1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro (1) login en admin/cms/index.php, (2) parámetros no especificados en la página de "Suministrar noticias" en formmail.php, (3) la URL en la página de "Estadísticas del sitio", y el parámetro cadena de búsqueda (query_string) cuando se realiza una búsqueda. • http://secunia.com/advisories/20889 http://secunia.com/secunia_research/2006-57/advisory http://securityreason.com/securityalert/1339 http://www.osvdb.org/27712 http://www.osvdb.org/27713 http://www.osvdb.org/27714 http://www.securityfocus.com/archive/1/441980/100/0/threaded http://www.securityfocus.com/bid/19303 https://exchange.xforce.ibmcloud.com/vulnerabilities/28164 •

CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0

Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables. Vulnerabilidad de evaluación de variable dinámica en index.php en Jetbox CMS2.1 SR1 permite a atacantes remotos sobrescribir variables de configuración mediante parámetros URL, los cuales son evaluados como variables PHP dinámicas. • http://secunia.com/advisories/20889 http://secunia.com/secunia_research/2006-57/advisory http://securityreason.com/securityalert/1339 http://www.securityfocus.com/archive/1/441980/100/0/threaded http://www.securityfocus.com/bid/19303 •

CVSS: 7.5EPSS: 16%CPEs: 1EXPL: 2

PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter. • https://www.exploit-db.com/exploits/1761 http://secunia.com/advisories/19993 http://securityreason.com/securityalert/861 http://securitytracker.com/id?1016061 http://www.osvdb.org/25313 http://www.securityfocus.com/archive/1/433121/100/0/threaded http://www.securityfocus.com/bid/17861 http://www.vupen.com/english/advisories/2006/1686 https://exchange.xforce.ibmcloud.com/vulnerabilities/26289 https://exchange.xforce.ibmcloud.com/vulnerabilities/28843 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information. • http://echo.or.id/adv/adv03-y3dips-2004.txt http://secunia.com/advisories/12230 http://www.kb.cert.org/vuls/id/586720 http://www.osvdb.org/8325 http://www.securityfocus.com/archive/1/370852 http://www.securityfocus.com/bid/10858 https://exchange.xforce.ibmcloud.com/vulnerabilities/16898 •