CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 1CVE-2007-6546 – RunCMS 1.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6546
RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. RunCMS anterior a 1.6.1 usa un identificador de sesión predecible, lo cual facilita a los atacantes remotos secuestrar sesiones mediante un id modificado. • https://www.exploit-db.com/exploits/4790 http://osvdb.org/41245 http://securityreason.com/securityalert/3493 http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131 http://www.securityfocus.com/archive/1/485512/100/0/threaded http://www.securityfocus.com/bid/27019 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6549
https://notcve.org/view.php?id=CVE-2007-6549
Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using." Vulnerabilidad no especificada en RunCMS anterior a 1.6.1 tiene impacto y vectores de ataque desconocidos, relacionados con "el uso de pagetype (tipo de página)". • http://osvdb.org/41252 http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131 https://exchange.xforce.ibmcloud.com/vulnerabilities/39299 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5535
https://notcve.org/view.php?id=CVE-2007-5535
Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors. Vulnerabilidad sin especificar en el newbb_plus del RunCms 1.5.2 tiene un impacto desconocido y vectores de ataque. • http://osvdb.org/40180 http://secunia.com/advisories/27230 http://www.runcms.org/modules/mydownloads/singlefile_lid_96.html http://www.securityfocus.com/bid/26099 https://exchange.xforce.ibmcloud.com/vulnerabilities/37244 •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 1CVE-2007-2539 – RunCMS 1.5.2 - 'debug_show.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-2539
The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors. La función show_files de RunCms 1.5.2 y anteriores permite a atacantes remotos obtener información sensible (existencia de fichero y metadatos de fichero) a través de vectores no especificados. • https://www.exploit-db.com/exploits/3850 http://osvdb.org/35783 http://retrogod.altervista.org/runcms_152_sql.html http://securityreason.com/securityalert/2671 http://www.securityfocus.com/archive/1/467665/100/0/threaded http://www.securityfocus.com/bid/23819 http://www.vupen.com/english/advisories/2007/1669 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2007-2538 – RunCMS 1.5.2 - 'debug_show.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-2538
SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter. Vulnerabilidad de inyección SQL en class/debug/debug_show.php de RunCms 1.5.2 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro de tipo array executed_queries. • https://www.exploit-db.com/exploits/3850 http://osvdb.org/35782 http://retrogod.altervista.org/runcms_152_sql.html http://secunia.com/advisories/25154 http://securityreason.com/securityalert/2671 http://www.runcms.org/modules/news http://www.securityfocus.com/archive/1/467665/100/0/threaded http://www.securityfocus.com/bid/23819 http://www.vupen.com/english/advisories/2007/1669 https://exchange.xforce.ibmcloud.com/vulnerabilities/34075 •