5 results (0.005 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files. WEBinsta mailing list manager v1.3e permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con install/install3.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/webinsta-mail-list-1.3e http://www.openwall.com/lists/oss-security/2011/06/27/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1

PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en install3.php en WEBInsta Mailing List Manager 1.3e permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro cabsolute_path. • https://www.exploit-db.com/exploits/2171 http://securityreason.com/securityalert/1404 http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_%28cabsolute_path%29_1.3e_RFI.htm http://www.securityfocus.com/archive/1/442983/100/0/threaded http://www.securityfocus.com/bid/19477 https://exchange.xforce.ibmcloud.com/vulnerabilities/28340 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3

SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter. • http://archives.neohapsis.com/archives/bugtraq/2005-04/0491.html http://secunia.com/advisories/15178 http://securitytracker.com/id?1013833 http://www.osvdb.org/15959 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release." • http://secunia.com/advisories/12994 http://securitytracker.com/id?1011958 http://sourceforge.net/project/shownotes.php?release_id=277981 http://www.osvdb.org/11172 https://exchange.xforce.ibmcloud.com/vulnerabilities/17883 •

CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 2

Multiple PHP remote file inclusion vulnerabilities in EternalMart Mailing List Manager (EMLM) 1.32 allow remote attackers to execute arbitrary PHP code via a URL in (1) the emml_admin_path parameter to admin/auth.php or (2) the emml_path parameter to emml_email_func.php. • https://www.exploit-db.com/exploits/23218 http://securitytracker.com/id?1007884 http://www.securityfocus.com/archive/1/340244 http://www.securityfocus.com/bid/8767 •