NotCVE - vendor:"Pixelpost" product:"Pixelpost" version:" <= 1.7.3"

16 results (0.004 seconds)

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1

CVE-2010-3305

https://notcve.org/view.php?id=CVE-2010-3305

Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password. La vulnerabilidad de tipo cross-site request forgery (CSRF) en pixelpost versión 1.7.3, podría permitir a atacantes remotos cambiar la contraseña de administrador. • https://access.redhat.com/security/cve/cve-2010-3305 https://security-tracker.debian.org/tracker/CVE-2010-3305 https://www.exploit-db.com/exploits/15014 https://www.openwall.com/lists/oss-security/2010/09/17/7 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2009-4900

https://notcve.org/view.php?id=CVE-2009-4900

pixelpost 1.7.1 has XSS pixelpost versión 1.7.1 tiene una vulnerabilidad de tipo XSS. • https://access.redhat.com/security/cve/cve-2009-4900 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597224 https://security-tracker.debian.org/tracker/CVE-2009-4900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2009-4899

https://notcve.org/view.php?id=CVE-2009-4899

pixelpost 1.7.1 has SQL injection pixelpost versión 1.7.1 tiene una inyección SQL. • https://access.redhat.com/security/cve/cve-2009-4899 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597224 https://security-tracker.debian.org/tracker/CVE-2009-4899 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-0605

https://notcve.org/view.php?id=CVE-2018-0605

Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-Site Scripting (XSS) en Pixelpost, en versiones 1.7.3 y anteriores, permite que los atacantes inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://jvn.jp/en/jp/JVN27978559/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-0606

https://notcve.org/view.php?id=CVE-2018-0606

SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Pixelpost, en versiones 1.7.3 y anteriores, permite que los atacantes remotos ejecuten comandos SQL arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN27978559/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

1 2 3 4