CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2008-4601 – Habari 0.5.1 - 'habari_username' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-4601
Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad de autenticación en Habari CMS v0.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "habari_username". • https://www.exploit-db.com/exploits/32492 http://packetstorm.linuxsecurity.com/0810-exploits/habaricms-xss.txt http://secunia.com/advisories/32311 http://www.securityfocus.com/bid/31794 https://exchange.xforce.ibmcloud.com/vulnerabilities/45951 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-4603 – iGaming CMS 2.0 Alpha 1 - 'search.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4603
SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action. Vulnerabilidad de inyección SQL en search.php en iGaming CMS v2.0 Alpha 1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "keywords"en una acción "search_games". • https://www.exploit-db.com/exploits/6769 http://securityreason.com/securityalert/4433 http://www.securityfocus.com/bid/31793 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2008-2842 – doITlive CMS 2.50 - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2842
Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) del archivo edit/showmedia.asp del programa doITLive CMS 2.5 y anteriores, que permiten a atacantes remotos injectar arbitrariamente secuencia de comandos web o código HTML a través del archivo de parámetros. • https://www.exploit-db.com/exploits/5849 http://secunia.com/advisories/30705 http://www.bugreport.ir/?/43 http://www.securityfocus.com/bid/29789 https://exchange.xforce.ibmcloud.com/vulnerabilities/43164 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2008-2843 – doITlive CMS 2.50 - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2843
Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp. Múltiples vulnerabilidades de inyección SQL en doITLive CMS 2.50 y versiones anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro (1) ID en una ación USUB a default.asp y el (2) Licence[SpecialLicenseNumber] (también conocido como LicenceId) cookie to edit/default.asp. • https://www.exploit-db.com/exploits/5849 http://secunia.com/advisories/30705 http://www.bugreport.ir/?/43 http://www.securityfocus.com/bid/29789 https://exchange.xforce.ibmcloud.com/vulnerabilities/43161 https://exchange.xforce.ibmcloud.com/vulnerabilities/43163 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2008-2130 – iGaming CMS 1.5 - 'poll_vote.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-2130
SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en poll_vote.php de iGaming CMS versión 1.5 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro id. • https://www.exploit-db.com/exploits/31747 http://downloads.securityfocus.com/vulnerabilities/exploits/29059.pl http://www.securityfocus.com/bid/29059 https://exchange.xforce.ibmcloud.com/vulnerabilities/42229 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •