3 results (0.005 seconds)

CVSS: 9.3EPSS: 6%CPEs: 2EXPL: 2

PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter. Una vulnerabilidad de inclusión remota de archivos PHP en el archivo admin/business_inc/saveserver.php en SWSoft Confixx Pro versiones 2.0.12 hasta 3.3.1, permite a atacantes remotos ejecutar código PHP arbitrario por medio de una URL en el parámetro thisdir. • https://www.exploit-db.com/exploits/4219 ftp://download1.swsoft.com/Confixx/security_hotfix/1/release_notes.txt http://secunia.com/advisories/26300 http://www.securityfocus.com/bid/25036 http://www.vupen.com/english/advisories/2007/2743 http://xpkzxc.com/exploits/confixx.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/35586 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in Confixx Pro 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the account parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en tools_ftp_pwaendern.php en Confixx Pro v.3.0 y posiblemente en versiones anteriores, permite a atacantes remotos inyectar código script web de su elección o HTML a través del parámetro account. • http://secunia.com/advisories/20728 http://securityreason.com/securityalert/1126 http://www.osvdb.org/26628 http://www.securityfocus.com/archive/1/437550/100/0/threaded http://www.securityfocus.com/bid/18523 http://www.vupen.com/english/advisories/2006/2429 https://exchange.xforce.ibmcloud.com/vulnerabilities/27222 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field. • http://marc.info/?l=bugtraq&m=111444886429814&w=2 http://secunia.com/advisories/15121 http://securityreason.com/securityalert/694 http://www.osvdb.org/15815 http://www.securityfocus.com/bid/13355 •