CVSS: 9.3EPSS: 9%CPEs: 14EXPL: 0CVE-2009-0584 – argyllcms: Multiple insufficient upper-bounds checks on certain sizes in the International Color Consortium Format Library
https://notcve.org/view.php?id=CVE-2009-0584
23 Mar 2009 — icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. icc.c, pertenec... • http://bugs.gentoo.org/show_bug.cgi?id=261087 • CWE-189: Numeric Errors •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2008-4601 – Habari 0.5.1 - 'habari_username' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-4601
17 Oct 2008 — Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad de autenticación en Habari CMS v0.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "habari_username". • https://www.exploit-db.com/exploits/32492 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-4603 – iGaming CMS 2.0 Alpha 1 - 'search.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4603
17 Oct 2008 — SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action. Vulnerabilidad de inyección SQL en search.php en iGaming CMS v2.0 Alpha 1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "keywords"en una acción "search_games". • https://www.exploit-db.com/exploits/6769 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2008-2842 – doITlive CMS 2.50 - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2842
25 Jun 2008 — Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) del archivo edit/showmedia.asp del programa doITLive CMS 2.5 y anteriores, que permiten a atacantes remotos injectar arbitrariamente secuencia de comandos web o código HTML a través del archivo de parámetros. • https://www.exploit-db.com/exploits/5849 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2008-2843 – doITlive CMS 2.50 - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2843
25 Jun 2008 — Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp. Múltiples vulnerabilidades de inyección SQL en doITLive CMS 2.50 y versiones anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro (1) ID en una ación USUB a default.asp y el (2) Licence[Specia... • https://www.exploit-db.com/exploits/5849 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2008-2130 – iGaming CMS 1.5 - 'poll_vote.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-2130
09 May 2008 — SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en poll_vote.php de iGaming CMS versión 1.5 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro id. • https://www.exploit-db.com/exploits/31747 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2CVE-2008-1613 – RedDot CMS 7.5 - 'LngId' SQL Injection
https://notcve.org/view.php?id=CVE-2008-1613
21 Apr 2008 — SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter. Vulnerabilidad de inyección SQL en RD.asp de RedDot CMS 7.5 Build 7.5.0.48, y posiblemente otras versiones incluyendo 6.5 y 7.0, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro LngId. • https://www.exploit-db.com/exploits/5482 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2008-1513 – Danneo CMS 0.5.1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-1513
25 Mar 2008 — SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. Vulnerabilidad de Inyección SQL en index.php de Danneo CMS 0.5.1 y versiones anteriores, cuando la opción Referers statistics está activada, permite a atacantes remotos ejecutar comandos SQL de su elección mediante la cabecera HTTP Referer. • https://www.exploit-db.com/exploits/5239 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 13%CPEs: 4EXPL: 2CVE-2007-6347 – ViArt CMS/Shop/Helpdesk 3.3.2 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-6347
13 Dec 2007 — PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inclusión remota de archivo en PHP en blocks/block_site_map.php de ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, y (4) Shop Free 3.3.2 per... • https://www.exploit-db.com/exploits/4722 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 6%CPEs: 1EXPL: 7CVE-2007-6218 – Ossigeno CMS 2.2_pre1 - '/ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php?ossigeno' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-6218
04 Dec 2007 — Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-20... • https://www.exploit-db.com/exploits/30831 • CWE-20: Improper Input Validation •