CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24816 – Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming
https://notcve.org/view.php?id=CVE-2021-24816
06 Oct 2021 — The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. El plugin Phoenix Media Rename de WordPress versiones anteriores a 3.4.4, no presenta comprobaciones de capacidad en su acción phoenix_media_rename AJAX, lo que podría permitir a usuarios con roles de autor renombrar cualquier archivo multimedia subido, incluso aquellos que... • https://wpscan.com/vulnerability/5f63d677-20f3-4fe0-bb90-048b6898e6cd • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18279
https://notcve.org/view.php?id=CVE-2019-18279
13 Nov 2019 — In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019. En Phoenix SCT WinFlash versiones 1.1.12.0 hasta 1.5.74.0, los controladores incluidos podrían ser utilizados por una aplicación maliciosa de Windows para alcanzar privilegios elevados. Los impactos adversos están l... • https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-7935
https://notcve.org/view.php?id=CVE-2017-7935
19 May 2017 — A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN requests. Se ha descubierto un problema de agotamiento de recursos en Phoenix Contact GmbH mGuard desde la versión 8.3.0 hasta la 8.4.2. Un atacante podría comprometer la disponibilidad del dispositivo mediante múltiples peticiones iniciales de VPN. • https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-7937
https://notcve.org/view.php?id=CVE-2017-7937
19 May 2017 — An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS servers are unreachable. Se detectó un problema de autenticación inapropiada en Phoenix Contact GmbH versiones de firmware 8.3.0 hasta 8.4.2. Un atacante puede alcanzar acceso no autorizado al firewall del usuario cuando no se puede acceder a los servidores RADIUS. • https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 3CVE-2006-5090 – Phoenix Evolution CMS - '/modules/pageedit/index.php?pageid' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5090
29 Sep 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Phoenix Evolution CMS (PECMS) permite a un atacante remoto iny... • https://www.exploit-db.com/exploits/28693 •