CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2013-6239 – Contexis CMS 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-6239
24 Oct 2013 — Cross-site scripting (XSS) vulnerability in the photo gallery model in Exis Contexis before 2.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter in a detail action. Una vulnerabilidad de tipo cross-site scripting (XSS) en el modelo de galería de fotos en Exis Contexis versiones anteriores a 2.0, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro image en una acción detail. Contexis CMS version 1.0 suffers from a cross site scriptin... • https://packetstorm.news/files/id/123764 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2008-4994
https://notcve.org/view.php?id=CVE-2008-4994
07 Nov 2008 — The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file. Los ficheros de comandos (1) ncsarmt y (2) ncsawrap en xmcd v2.6 permite a usuarios locales sobrescribir ficheros de su elección a través de un ataque de enlaces simbólicos al fichero temporal /tmp/Mosaic.*pid. • http://bugs.debian.org/496416 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2542
https://notcve.org/view.php?id=CVE-2006-2542
23 May 2006 — xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumption). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366816 •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2001-1119
https://notcve.org/view.php?id=CVE-2001-1119
03 Aug 2001 — cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack. • http://www.kb.cert.org/vuls/id/105347 •