5 results (0.024 seconds)

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2

SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php. Vulnerabilidad de inyección SQL en LightNEasy/lightneasy.php en LightNEasy SQLite v1.2.2 y anteriores permite a atacantes remotos inyectar código PHP de forma arbitraria en comments.dat a través del parámetro "dlid" en index.php. • https://www.exploit-db.com/exploits/5452 http://secunia.com/advisories/29833 http://www.osvdb.org/44675 http://www.securityfocus.com/archive/1/491064/100/0/threaded http://www.securityfocus.com/bid/28801 https://exchange.xforce.ibmcloud.com/vulnerabilities/42009 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2

thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte). thumbsup.php en Thumbs-Up v1.12, cuando se utiliza en LightNEasy "no database" (también conocido como flat) y SQLite v1.2.2 permite a atacantes remotos copiar, renombrar, y leer ficheros de modo arbitrario a través de secuencias de salto de directorio en el parámetro "image" con un parámetro modificado cache_dir conteniendo un %00 (byte codificado nulo). • https://www.exploit-db.com/exploits/5452 http://secunia.com/advisories/29833 http://www.osvdb.org/44674 http://www.securityfocus.com/archive/1/491064/100/0/threaded http://www.securityfocus.com/bid/28801 https://exchange.xforce.ibmcloud.com/vulnerabilities/49851 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2

Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php. Múltiples vulnerabilidades de salto de directorio en LightNEasy "no database" (también conocido como flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos leer fichero de modo arbitrario a través de ..(punto punto) en el parámetro "page" en (1) index.php y (2) LightNEasy.php. • https://www.exploit-db.com/exploits/5452 http://secunia.com/advisories/29833 http://www.osvdb.org/44672 http://www.osvdb.org/44673 http://www.securityfocus.com/archive/1/491064/100/0/threaded http://www.securityfocus.com/bid/28839 https://exchange.xforce.ibmcloud.com/vulnerabilities/41889 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1

LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php. LightNEasy "no database" (también conocido flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos crear ficheros a su elección a través del parámetro "page" a (1) index.php y (2) LightNEasy.php. • http://osvdb.org/44678 http://osvdb.org/44679 http://secunia.com/advisories/29833 http://www.securityfocus.com/archive/1/491064/100/0/threaded http://www.securityfocus.com/bid/28839 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en LightNEasy "no database" (también conocido como flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de modo arbitrario a través del parámetro "page" en (1) index.php y (2) LightNEasy.php. • http://secunia.com/advisories/29833 http://www.osvdb.org/44676 http://www.osvdb.org/44677 http://www.securityfocus.com/archive/1/491064/100/0/threaded http://www.securityfocus.com/bid/28839 https://exchange.xforce.ibmcloud.com/vulnerabilities/41888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •