
CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

AR Web Content Manager (AWCM) 2.2 does not restrict the number of comment records that can be submitted through HTTP requests, which allows remote attackers to cause a denial of service (disk consumption) via the coment parameter to (1) show_video.php or (2) topic.php.

AWCM version 2.2 appears to suffer from cookie forgery and direct access vulnerabilities.

• http://archives.neohapsis.com/archives/bugtraq/2012-11/0039.html
• http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/79927
• CWE-399: Resource Management Errors

CVSS: 5.0 | EPSS: 3% | CPEs: 1 | EXPL: 2

cookie_gen.php in AR Web Content Manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter.

AWCM version 2.2 appears to suffer from cookie forgery and direct access vulnerabilities.

• https://www.exploit-db.com/exploits/38015
• http://archives.neohapsis.com/archives/bugtraq/2012-11/0039.html
• http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/79926
• CWE-287: Improper Authentication

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 3

Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) includes/window_top.php and (2) header.php, and the (3) lang_file parameter to control/common.php.

• https://www.exploit-db.com/exploits/15510
• http://www.exploit-db.com/exploits/15510
• http://www.securityfocus.com/bid/44868
• https://exchange.xforce.ibmcloud.com/vulnerabilities/63236
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 3

Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter.

• https://www.exploit-db.com/exploits/35555
• http://secpod.org/advisories/SECPOD_AWCM_XSS.txt
• http://securityreason.com/securityalert/8193
• http://www.securityfocus.com/archive/1/517294/100/0/threaded
• http://www.securityfocus.com/bid/47126
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66536
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 3

Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcm_theme or (2) awcm_lang cookie to (a) index.php or (b) header.php.

• https://www.exploit-db.com/exploits/16049
• http://www.exploit-db.com/exploits/16049
• http://www.securityfocus.com/bid/46017
• https://exchange.xforce.ibmcloud.com/vulnerabilities/64980
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')