CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-17603 – Advanced Real Estate Script 4.0.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-17603
Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter. Advanced Real Estate Script 4.0.7 tiene una inyección SQL mediante los parámetros Projectmain, proj_type, searchtext, sell_price o maxprice en search-results.php. • https://www.exploit-db.com/exploits/43304 https://packetstormsecurity.com/files/145345/Advanced-Real-Estate-Script-4.0.7-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10919 – WassUp Real Time Analytics < 1.9.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10919
The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633. El plugin wassup versiones anteriores a 1.9.1 para WordPress, presenta una vulnerabilidad de tipo XSS por medio del widget Top stats o el método wassupURI::add_siteurl, una vulnerabilidad diferente de CVE-2012-2633. • https://wordpress.org/plugins/wassup/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5506
https://notcve.org/view.php?id=CVE-2015-5506
The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content via a search. Vulnerabilidad en el módulo Apache Solr Real-Time 7.x-1.x en versiones anteriores a 7.x-1.2 para Drupal, no comprueba el estado de una entidad cuando indexa, lo que permite a atacantes remotos obtener información sobre contenido no publicado a través de una búsqueda. • http://www.openwall.com/lists/oss-security/2015/07/04/4 http://www.securityfocus.com/bid/75275 https://www.drupal.org/node/2489890 https://www.drupal.org/node/2507581 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2013-5930
https://notcve.org/view.php?id=CVE-2013-5930
Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos parameter. Vulnerabilidad XSS en search_residential.php en Real Estate PHP Script permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través del parámetro "bos". • http://packetstormsecurity.com/files/123138/realestatephpscript-xss.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/86986 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2013-5931
https://notcve.org/view.php?id=CVE-2013-5931
SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter. Vulnerabilidad de inyección SQL en property_listings_detail.php en Real Estate PHP Script permite a atacantes remotos ejecutar comandos SQL arbritrarios a través del parámetro "listingid". • http://packetstormsecurity.com/files/123138/realestatephpscript-xss.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •