
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 3

SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

• https://www.exploit-db.com/exploits/6634
  https://www.exploit-db.com/exploits/6631
  http://www.securityfocus.com/bid/31489
  https://exchange.xforce.ibmcloud.com/vulnerabilities/45568
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 2

Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to admin/index.php.

• https://www.exploit-db.com/exploits/6631
  http://www.securityfocus.com/bid/31489
  https://exchange.xforce.ibmcloud.com/vulnerabilities/45569
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 2

SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1.

• https://www.exploit-db.com/exploits/6635
  http://www.securityfocus.com/bid/31500
  https://exchange.xforce.ibmcloud.com/vulnerabilities/45577
• CWE-287: Improper Authentication

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.

• https://www.exploit-db.com/exploits/6736
  http://secunia.com/advisories/32223
  http://securityreason.com/securityalert/4418
  http://www.securityfocus.com/bid/31723
  https://exchange.xforce.ibmcloud.com/vulnerabilities/45819
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.3 | EPSS: 77% | CPEs: 3 | EXPL: 0

Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file.

• http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
  http://secunia.com/advisories/27620
  http://secunia.com/advisories/31321
  http://secunia.com/advisories/35416
  http://secunia.com/secunia_research/2007-93/advisory
  http://securityreason.com/securityalert/4048
  http://service.real.com/realplayer/security/07252008_player/en
  http://www.kb.cert.org/vuls/id/298651
  http://www.redhat.com/support/errata/RHSA-2008-0812.html
  http://www.securityfocus.com/archive/1/494749&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer