CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.
• References: https://www.exploit-db.com/exploits/7319 http://secunia.com/advisories/32929 https://exchange.xforce.ibmcloud.com/vulnerabilities/47023
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 3

Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.
• References: https://www.exploit-db.com/exploits/32603 https://www.exploit-db.com/exploits/7319 http://secunia.com/advisories/32929 http://www.securityfocus.com/bid/32587 https://exchange.xforce.ibmcloud.com/vulnerabilities/47021
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter.
• References: https://www.exploit-db.com/exploits/7319 http://secunia.com/advisories/32929 http://www.securityfocus.com/bid/32587 https://exchange.xforce.ibmcloud.com/vulnerabilities/47022
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 3

SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter.
• References: http://archives.neohapsis.com/archives/bugtraq/2005-04/0491.html http://secunia.com/advisories/15178 http://securitytracker.com/id?1013833 http://www.osvdb.org/15959