CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3941
https://notcve.org/view.php?id=CVE-2007-3941
Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS 1.0_1 allows remote authenticated users to inject arbitrary web script or HTML via the profile_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en profile.php de Jasmine CMS 1.0_1 permite a usuarios remotos autenticados inyectar scripts web o HTML de su elección a través del parámetro profile_email. NOTA: El origen de esta información es desconocido; los detalles se han obtenido solamente de información de terceros. • http://osvdb.org/37531 http://secunia.com/advisories/26071 http://www.securityfocus.com/bid/24939 https://exchange.xforce.ibmcloud.com/vulnerabilities/35453 •
CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 1CVE-2007-0359 – Uberghey 0.3.1 - 'FrontPage.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-0359
PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. Vulnerabilidad de inclusión remota de archivo en PHP en frontpage.php de Uberghey CMS 0.3.1 permite a atacantes remotos ejecutar código PHP de su elección a través del parámetro setup_folder. • https://www.exploit-db.com/exploits/3147 http://www.attrition.org/pipermail/vim/2007-January/001247.html http://www.securityfocus.com/bid/22098 http://www.vupen.com/english/advisories/2007/0230 https://exchange.xforce.ibmcloud.com/vulnerabilities/31553 •
CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 3CVE-2006-4196 – WEBInsta CMS 0.3.1 - 'templates_dir' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-4196
PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php en WEBInsta CMS 0.3.1 y posiblemente anteriores permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro templates_dir. • https://www.exploit-db.com/exploits/2175 http://advisories.echo.or.id/adv/adv45-K-159-2006.txt http://my.opera.com/atomo64/blog/show.dml/443167 http://secunia.com/advisories/21463 http://securityreason.com/securityalert/1400 http://www.securityfocus.com/archive/1/443154/100/0/threaded http://www.securityfocus.com/archive/1/445083/100/0/threaded http://www.securityfocus.com/bid/19489 http://www.vupen.com/english/advisories/2006/3276 https://exchange.xforce.ibmcloud.c •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 2CVE-2006-1371 – XHP CMS 0.5 - 'upload' Remote Command Execution
https://notcve.org/view.php?id=CVE-2006-1371
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php. • https://www.exploit-db.com/exploits/1605 http://secunia.com/advisories/19353 http://www.attrition.org/pipermail/vim/2006-March/000649.html http://www.osvdb.org/24058 http://www.osvdb.org/24059 http://www.securityfocus.com/bid/17209 http://www.vupen.com/english/advisories/2006/1052 http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10 https://exchange.xforce.ibmcloud.com/vulnerabilities/25399 • CWE-94: Improper Control of Generation of Code ('Code Injection') •