CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2009-2440 – JNM Guestbook 3.0 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-2440
Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en index.php en JNM Guestbook 3.0 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través del parámetro page. • https://www.exploit-db.com/exploits/34806 http://packetstormsecurity.org/0907-exploits/jnm-xss.txt http://secunia.com/advisories/35760 http://www.vupen.com/english/advisories/2009/1831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2009-2111 – DB Top Sites 1.0 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2009-2111
Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter. Vulnerabilidad de inyección de código estático en add_reg.php en DB Top Sites v1.0 permite a atacantes remotos inyectar código PHP de su elección mediante los parámetros (1) url y (2) location. • https://www.exploit-db.com/exploits/8951 http://osvdb.org/55119 http://secunia.com/advisories/35419 https://exchange.xforce.ibmcloud.com/vulnerabilities/51121 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 2%CPEs: 1EXPL: 1CVE-2009-2110 – DB Top Sites 1.0 - 'index.php?u' Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-2110
Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the u parameter to (1) full.php, (2) index.php, and (3) contact.php. Múltiples vulnerabilidades de salto de directorio en DB Top Sites v1.0, cuando está desactivada la opción magic_quotes_gpc, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de un valor .. (punto punto) en el parámetro u sobre (1)full.php, (2)index.php y (3) contact.php. • https://www.exploit-db.com/exploits/8952 http://osvdb.org/55116 http://osvdb.org/55117 http://osvdb.org/55118 http://secunia.com/advisories/35419 https://exchange.xforce.ibmcloud.com/vulnerabilities/51120 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •