CVSS: 5.3EPSS: 1%CPEs: 24EXPL: 0CVE-2012-2724
https://notcve.org/view.php?id=CVE-2012-2724
09 Jan 2020 — The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page. El módulo Simplenews versiones 6.x-1.x anteriores a 6.x-1.4, versiones 6.x-2.x anteriores a 6.x-2.0-alpha4 y versiones 7.x-1.x anteriores a 7.x-1.0-rc1 para Drupal, revela las direcciones de correo electrónico de ... • http://drupal.org/node/1619812 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2013-4447
https://notcve.org/view.php?id=CVE-2013-4447
01 Nov 2013 — Cross-site scripting (XSS) vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an email address. Vulnerabilidad Cross-site scripting (XSS) en el API del módulo Simplenews 6.x-1.x anterior a 6.x-1.5 y 7.x-1.x anterior a 7.x-1.1 para Drupal que permite a atacantes remotos inyectar secuencias arbitraria de comandos web o HTML a través de una dirección de correo electrónico. • http://osvdb.org/98628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0CVE-2008-5996
https://notcve.org/view.php?id=CVE-2008-5996
28 Jan 2009 — Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Simplenews v5.x anterior a v5.x-1.5 y v6.x previo a v6.x-1.0-beta4, para Drupal, permite a usuarios autenticados remotamente con "adminis... • http://drupal.org/node/312944 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4872
https://notcve.org/view.php?id=CVE-2007-4872
27 Sep 2007 — SimpNews 2.41.03 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php; or a direct request to (2) admin/dbg_infos.php, (3) admin/heading.php, or (4) evsearch.php; which reveals the path in various error messages. SimpNews 2.41.03 permite a atacantes remotos obtener información sensible mediante (1) un parámetro lang inválido a admin/index.php; o una petición directa a (2) admin/dbg_infos.php, (3) admin/heading.php, o (4) evsearch.php; lo cual revela la... • http://forum.boesch-it.de/viewtopic.php?t=2791 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4873
https://notcve.org/view.php?id=CVE-2007-4873
27 Sep 2007 — SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc. SimpNews 2.41.03 almacena información sensible bajo la raíz de documentos web con control de acceso insuficiente, lo cual permite a atacantes remotos descargar ficheros .inc de su elección mediante una petición directa, como ha sido demostrado por admin/includes/dbtables.inc. • http://forum.boesch-it.de/viewtopic.php?t=2791 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2007-2598 – SimpleNews 1.0.0 FINAL - 'print.php?news_id' SQL Injection
https://notcve.org/view.php?id=CVE-2007-2598
11 May 2007 — SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter. Vulnerabilidad de inyección SQL en print.php en SimpleNews 1.0.0 FINAL permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro news_id. • https://www.exploit-db.com/exploits/3886 •