CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9333
https://notcve.org/view.php?id=CVE-2016-9333
13 Feb 2017 — An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION). Ha sido descubierto un problema en Moxa SoftCMS en versiones anteriores a 1.6. La SoftCMS Application no desinfecta correctamente entradas que pueden permitir a atacantes remotos acceder a SoftCMS con privilegios de administrador a través de una entrada... • http://www.securityfocus.com/bid/94394 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 29%CPEs: 1EXPL: 1CVE-2016-9332 – Moxa SoftCMS 1.5 - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2016-9332
13 Feb 2017 — An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition. Ha sido descubierto un problema en Moxa SoftCMS en versiones anteriores a 1.6. Moxa SoftCMS Webserver no valida correctamente una entrada. • https://www.exploit-db.com/exploits/40779 • CWE-399: Resource Management Errors •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8360 – Moxa SoftCMS AspWebServer URL Processing Double Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-8360
23 Nov 2016 — An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code. Ha sido descubierto un problema en las versiones de Moxa SoftCMS anteriores a la versión 1.6. Una solicitud de URL especialmente manipulada enviada al SoftCMS ASP Webserver puede provocar una doble condic... • http://www.securityfocus.com/bid/94394 • CWE-415: Double Free •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5792 – Moxa SoftCMS getcaminfo SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-5792
08 Aug 2016 — SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. Vulnerabilidad de inyección SQL en Moxa SoftCMS en versiones anteriores a 1.5 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de campos no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. Authentication is not required to exploit this vulnerability. The specific flaw exis... • http://www.securityfocus.com/bid/92262 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6457 – Moxa SoftCMS VLCControl setUserInfoData strIP Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6457
08 Sep 2015 — Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. Moxa SoftCMS, en versiones 1.3 y anteriores, es susceptible a una condición de desbordamiento de búfer que podría cerrarse inesperadamente o permitir la ejecución remota de código. Moxa lanzó la versión 1.4 de SoftCMS el 1 de junio de 2015 para abordar esta vulnerabilidad. This vulnerability allows remote atta... • https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6458 – Moxa SoftCMS RTSPVIDEO.rtspvideoCtrl.1 AudioRecord Method ip Argument Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6458
08 Sep 2015 — Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. Moxa SoftCMS, en versiones 1.3 y anteriores, es susceptible a una condición de desbordamiento de búfer que podría cerrarse inesperadamente o permitir la ejecución remota de código. Moxa lanzó la versión 1.4 de SoftCMS el 1 de junio de 2015 para abordar esta vulnerabilidad. This vulnerability allows remote atta... • https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2015-1000 – Moxa VPort ActiveX SDK PLUS GetClientReg Model Parameter Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1000
05 Jun 2015 — Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter. Desbordamiento de buffer basado en pila en el método OpenForIPCamTest en el control de ActiveX de RTSPVIDEO.rtspvideoCtrl.1 (también conocido como SStreamVideo) en Moxa SoftCMS anterior a 1.3 permite a atacantes remotos ejecutar código arbitrario a través del parámetro StrRtsp... • http://www.securityfocus.com/bid/74966 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •