CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38923
https://notcve.org/view.php?id=CVE-2022-38923
BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload. • https://github.com/dtssec/CVE-Disclosures/blob/main/CVE-2022-38922_CVE-2022-38923_Bluepage_CMS_SQLi/CVE-2022-38922-BluePage_CMS_3.9.md https://www.bluepage-cms.com/index.php https://www.iss-oberlausitz.de/index.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38922
https://notcve.org/view.php?id=CVE-2022-38922
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload. • https://github.com/dtssec/CVE-Disclosures/blob/main/CVE-2022-38922_CVE-2022-38923_Bluepage_CMS_SQLi/CVE-2022-38922-BluePage_CMS_3.9.md https://www.bluepage-cms.com/index.php https://www.iss-oberlausitz.de/index.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7725
https://notcve.org/view.php?id=CVE-2014-7725
The Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) application 0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Android Rally Albania Live 2014 (también conocido como com.wRallyAlbaniaLIVE2014) 0.11 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/399017 http://www.kb.cert.org/vuls/id/582497 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 1%CPEs: 28EXPL: 0CVE-2007-2690
https://notcve.org/view.php?id=CVE-2007-2690
Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. Múltiples productos de la serie IBM ISS Proventia, incluyendo las series A, G, y M, no manejan adecuadamente determinadas codificaciones de caracteres Unicode de ancho completo y medio, lo cual podría permitir a atacantes remotos evadir la detección de tráfico HTTP. • http://www.gamasec.net/english/gs07-01.html http://www.kb.cert.org/vuls/id/739224 http://www.securityfocus.com/archive/1/468633/100/0/threaded http://www.securitytracker.com/id?1018068 •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 1CVE-2006-7129 – Internet Security Systems 3.6 - 'ZWDeleteFile()' Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2006-7129
ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files. ISS BlackICEPC Protection 3.6 cpj y cpu, y posiblemente versiones anteriores, permite a usuarios locales evitar el esquema de protección utilizando la función ZwDeleteFile del API para borrar el archivo crítico filelock.txt, el cual almacena información sobre archivos protegidos. • https://www.exploit-db.com/exploits/28817 http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0298.html http://securityreason.com/securityalert/2361 http://www.matousec.com/info/advisories/BlackICE-Filelock-protection-bypass.php http://www.osvdb.org/30901 http://www.securityfocus.com/archive/1/448763/100/0/threaded http://www.securityfocus.com/bid/20546 https://exchange.xforce.ibmcloud.com/vulnerabilities/29575 •