CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4793
https://notcve.org/view.php?id=CVE-2013-4793
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request. La función update en umbraco.webservices/templates/templateService.cs en el componente TemplateService en Umbraco CMS anterior a 6.0.4 no requiere autenticación, lo que permite a atacantes remotos ejecutar código ASP.NET arbitrario a través de una petición SOAP modificada. • https://labs.mwrinfosecurity.com/advisories/2013/11/29/umbraco-cms-templateservice-remote-code-execution • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-1301
https://notcve.org/view.php?id=CVE-2012-1301
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter. El script FeedProxy.aspx en Umbraco 4.7.0 permite a los atacantes remotos a las solicitudes de proxy en su nombre a través del parámetro "url". • http://www.securityfocus.com/archive/1/522218 http://www.securityfocus.com/bid/52912 https://www.trustmatta.com/advisories/MATTA-2012-001.txt • CWE-20: Improper Input Validation •