CVSS: 7.8EPSS: 5%CPEs: 10EXPL: 0CVE-2015-3416 – sqlite: stack buffer overflow in src/printf.c
https://notcve.org/view.php?id=CVE-2015-3416
24 Apr 2015 — The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. La función sqlite3VXPrintf en printf.c en SQLite anterior a 3.8.9 no maneja correctamente los valores de precisión y anchu... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6589
https://notcve.org/view.php?id=CVE-2008-6589
03 Apr 2009 — Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en LightNEasy "no database" (también conocido como flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML d... • http://secunia.com/advisories/29833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 2CVE-2008-6590 – LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6590
03 Apr 2009 — Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php. Múltiples vulnerabilidades de salto de directorio en LightNEasy "no database" (también conocido como flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos leer fichero de modo arbitrario a través de ..(punto punto) en el parámetro ... • https://www.exploit-db.com/exploits/5452 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 2CVE-2008-6592 – LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6592
03 Apr 2009 — thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte). thumbsup.php en Thumbs-Up v1.12, cuando se utiliza en LightNEasy "no database" (también conocido como flat) y SQLite v1.2.2 permite a atacantes remotos copiar, renombrar, y leer ficheros de modo arbitrario ... • https://www.exploit-db.com/exploits/5452 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6593 – LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6593
03 Apr 2009 — SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php. Vulnerabilidad de inyección SQL en LightNEasy/lightneasy.php en LightNEasy SQLite v1.2.2 y anteriores permite a atacantes remotos inyectar código PHP de forma arbitraria en comments.dat a través del parámetro "dlid" en index.php. • https://www.exploit-db.com/exploits/5452 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0516
https://notcve.org/view.php?id=CVE-2008-0516
31 Jan 2008 — PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in SQLiteManager 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de inclusión de archivo PHP remoto spaw/dialogs/confirm.php en SQLiteManager 1.2.0. Permite a atacantes remotos ejecutar código PHP arbitrario a través una URL en el parámetro spaw_root. NOTA: el ori... • http://secunia.com/advisories/28642 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 79%CPEs: 1EXPL: 1CVE-2007-1232 – SQLiteManager 1.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2007-1232
03 Mar 2007 — Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie. Vulnerabilidad de escalado de directorio en SQLiteManager 1.2.0 permite a atacantes remotos leer ficheros de su elección mediante un .. (punto punto) en una cookie SQLiteManager_currentTheme. • https://www.exploit-db.com/exploits/29665 •