CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5128
https://notcve.org/view.php?id=CVE-2008-5128
Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb. Ocean12 Membership Manager Pro graba información sensible bajo la raíz web con control de acceso insuficiente, el cual permite a los atacantes remotos obtener información sensible a través de una petición directa a fichero o12member.mdb. • http://packetstorm.linuxsecurity.com/0810-exploits/ocean12-database.txt http://secunia.com/advisories/32409 https://exchange.xforce.ibmcloud.com/vulnerabilities/46133 https://exchange.xforce.ibmcloud.com/vulnerabilities/46693 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 5CVE-2005-1095 – Ocean12 Membership Manager Pro - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-1095
Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to inject arbitrary web script or HTML via the page parameter. • https://www.exploit-db.com/exploits/25354 http://secunia.com/advisories/14864 http://securitytracker.com/id?1013667 http://www.hackerscenter.com/archive/view.asp?id=1865 http://www.osvdb.org/15306 http://www.securityfocus.com/bid/13046 https://exchange.xforce.ibmcloud.com/vulnerabilities/20014 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1096
https://notcve.org/view.php?id=CVE-2005-1096
SQL injection vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to execute arbitrary SQL commands via the UserID parameter. • http://secunia.com/advisories/14864 http://securitytracker.com/id?1013667 http://www.hackerscenter.com/archive/view.asp?id=1865 http://www.osvdb.org/15307 http://www.securityfocus.com/bid/13049 https://exchange.xforce.ibmcloud.com/vulnerabilities/20015 •