8 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

CVE-2008-4782 – AIOCP 1.4 - 'poll_id' SQL Injection

https://notcve.org/view.php?id=CVE-2008-4782

SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. Vulnerabilidad de inyección de SQL en public/code/cp_polls_results.php en All In One Control Panel (AIOCP) 1.4 permite a un atacante remoto ejecutar código SQL de su elección por medio del parámetro poll_id. • https://www.exploit-db.com/exploits/6854 https://www.exploit-db.com/exploits/32537 http://secunia.com/advisories/32431 http://securityreason.com/securityalert/4518 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0

CVE-2007-3120

https://notcve.org/view.php?id=CVE-2007-3120

Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el public/code/cp_dpage.php del Panel de Control Todo en Uno (AIOCP) anterior a la versión 1.3.017 permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través del parámetro aiocp_dp. NOTA: alguno de estos detalles se obtienen a partir de la información de terceros. • http://osvdb.org/35533 http://secunia.com/advisories/25584 http://sourceforge.net/project/shownotes.php?release_id=514035 http://www.securityfocus.com/bid/24357 http://www.vupen.com/english/advisories/2007/2097 https://exchange.xforce.ibmcloud.com/vulnerabilities/34762 •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2007-2625

https://notcve.org/view.php?id=CVE-2007-2625

Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en shared/code/cp_authorization.php en All In One Control Panel (AIOCP) anterior a 1.3.016 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros no especificados. NOTA: algunos de estos detalles se obtuvieron de terceras fuentes de información. • http://osvdb.org/35535 http://sourceforge.net/project/shownotes.php?release_id=504924 http://www.vupen.com/english/advisories/2007/1637 •

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2007-2624

https://notcve.org/view.php?id=CVE-2007-2624

Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information. Vulnerabilidad de evaluación de variable dinámica en shared/config/cp_config.php de All In One Control Panel (AIOCP) versiones anteriores a 1.3.016 permite a atacantes remotos llevar a cabo secuencias de comandos en sitios cruzados (XSS) y posiblemente otros ataques mediante el array superglobal SERVER. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://osvdb.org/35534 http://secunia.com/advisories/25088 http://sourceforge.net/project/shownotes.php?release_id=504924 http://www.securityfocus.com/bid/23790 http://www.vupen.com/english/advisories/2007/1637 https://exchange.xforce.ibmcloud.com/vulnerabilities/34038 •

CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 13

CVE-2006-5829 – AIOCP 1.3.x - 'cp_codice_fiscale.php' SQL Injection

https://notcve.org/view.php?id=CVE-2006-5829

Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php. Múltiples vulnerabilidades de inyección SQL en All In One Control Panel (AIOCP) 1.3.007 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro (1) choosed_language en (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, y (i) cp_codice_fiscale.php en public/code/; el parámetro (2) news_category parameter de public/code/cp_news.php; el parámetro (3) nlmsg_nlcatid de public/code/cp_newsletter.php; el parámetro (4) links_category de public/code/cp_links.php; el parámetro (5) product_category_id de public/code/cp_show_ec_products.php; el parámetro (6) order_field de public/code/cp_show_ec_products.php; el parámetro (7) firstrow de public/code/cp_users_online.php; y el parámetro (8) orderdir de public/code/cp_links_search.php. • https://www.exploit-db.com/exploits/28933 https://www.exploit-db.com/exploits/28929 https://www.exploit-db.com/exploits/28923 https://www.exploit-db.com/exploits/28926 https://www.exploit-db.com/exploits/28925 https://www.exploit-db.com/exploits/28928 https://www.exploit-db.com/exploits/28934 https://www.exploit-db.com/exploits/28931 https://www.exploit-db.com/exploits/28924 https://www.exploit-db.com/exploits/28927 https://www.exploit-db.com/exploits/28930 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •