CVE-2006-3586
https://notcve.org/view.php?id=CVE-2006-3586
SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php. Vulnerabilidad de inyección SQL en Jetbox CMS 2.1 permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) frontsession de la COOKIE y (2) view en index.php, y el parámetro (3) login en admin/cms/index.php. • http://secunia.com/advisories/20889 http://secunia.com/secunia_research/2006-57/advisory http://securityreason.com/securityalert/1339 http://www.securityfocus.com/archive/1/441980/100/0/threaded http://www.securityfocus.com/bid/19303 https://exchange.xforce.ibmcloud.com/vulnerabilities/28168 •
CVE-2006-3585
https://notcve.org/view.php?id=CVE-2006-3585
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and the (5) query_string parameter when performing a search. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Jetbox CMS2.1 SR1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro (1) login en admin/cms/index.php, (2) parámetros no especificados en la página de "Suministrar noticias" en formmail.php, (3) la URL en la página de "Estadísticas del sitio", y el parámetro cadena de búsqueda (query_string) cuando se realiza una búsqueda. • http://secunia.com/advisories/20889 http://secunia.com/secunia_research/2006-57/advisory http://securityreason.com/securityalert/1339 http://www.osvdb.org/27712 http://www.osvdb.org/27713 http://www.osvdb.org/27714 http://www.securityfocus.com/archive/1/441980/100/0/threaded http://www.securityfocus.com/bid/19303 https://exchange.xforce.ibmcloud.com/vulnerabilities/28164 •
CVE-2006-3584
https://notcve.org/view.php?id=CVE-2006-3584
Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables. Vulnerabilidad de evaluación de variable dinámica en index.php en Jetbox CMS2.1 SR1 permite a atacantes remotos sobrescribir variables de configuración mediante parámetros URL, los cuales son evaluados como variables PHP dinámicas. • http://secunia.com/advisories/20889 http://secunia.com/secunia_research/2006-57/advisory http://securityreason.com/securityalert/1339 http://www.securityfocus.com/archive/1/441980/100/0/threaded http://www.securityfocus.com/bid/19303 •
CVE-2006-2270 – Jetbox CMS 2.1 - 'relative_script_path' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2270
PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter. • https://www.exploit-db.com/exploits/1761 http://secunia.com/advisories/19993 http://securityreason.com/securityalert/861 http://securitytracker.com/id?1016061 http://www.osvdb.org/25313 http://www.securityfocus.com/archive/1/433121/100/0/threaded http://www.securityfocus.com/bid/17861 http://www.vupen.com/english/advisories/2006/1686 https://exchange.xforce.ibmcloud.com/vulnerabilities/26289 https://exchange.xforce.ibmcloud.com/vulnerabilities/28843 •