CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28750 – WordPress Albo Pretorio Online Plugin <= 4.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-28750
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6 versions. The Albo Pretorio Online plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘Errore’ parameter in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 2CVE-2008-0184 – SysHotel On Line System - 'index.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-0184
Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter. Vulnerabilidad de salto de directorio en index.php de Sys-Hotel on Line System, permite que atacantes remotos lean ficheros arbitrariamente usando un "/" ("%2F") codificado en el parámetro file. • https://www.exploit-db.com/exploits/31000 http://securityreason.com/securityalert/3528 http://www.securityfocus.com/archive/1/485940/100/0/threaded http://www.securityfocus.com/bid/27184 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3046
https://notcve.org/view.php?id=CVE-2007-3046
Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer en Advanced Software Production Line Vortex Library anterior a 1.0.3 permite a atacantes remotos provocar una denegación de servicio (caída del oyente - listener -) a través de vectores no especificados relacionados con la implementación de la selección de E/S y el búfer de juego de ficheros (file set buffer). NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://lists.aspl.es/pipermail/vortex/2007-May/000152.html http://osvdb.org/36819 http://secunia.com/advisories/25442 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2007-1339 – Links Management Application 1.0 - 'lcnt' SQL Injection
https://notcve.org/view.php?id=CVE-2007-1339
SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter. Vulnerabilidad de inyección SQL en el index.php del Links Management Application 1.0 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro lcnt. • https://www.exploit-db.com/exploits/3416 http://osvdb.org/33862 http://secunia.com/advisories/24355 http://www.securityfocus.com/bid/22825 http://www.vupen.com/english/advisories/2007/0849 https://exchange.xforce.ibmcloud.com/vulnerabilities/32813 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2006-0906 – D3Jeeb Pro 3 - 'catogary.php?catid' SQL Injection
https://notcve.org/view.php?id=CVE-2006-0906
SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to execute arbitrary SQL commands via the catid parameter in (1) fastlinks.php and (2) catogary.php. • https://www.exploit-db.com/exploits/27328 https://www.exploit-db.com/exploits/27327 http://secunia.com/advisories/19062 http://securitytracker.com/id?1015687 http://www.securityfocus.com/archive/1/426197/100/0/threaded http://www.securityfocus.com/bid/16853 http://www.vupen.com/english/advisories/2006/0757 https://exchange.xforce.ibmcloud.com/vulnerabilities/24941 •