CVE-2009-4767 – Shoutbox 1.0 - HTML / Cross-Site Scripting Injection
https://notcve.org/view.php?id=CVE-2009-4767
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/10168 http://osvdb.org/60310 http://secunia.com/advisories/37418 http://www.exploit-db.com/exploits/10168 https://exchange.xforce.ibmcloud.com/vulnerabilities/54321
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4623 – Advanced Comment System 1.0 - Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2009-4623
Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598.
• https://www.exploit-db.com/exploits/9623 https://github.com/MonsempesSamuel/CVE-2009-4623 https://github.com/kernel-cyber/CVE-2009-4623 https://github.com/hupe1980/CVE-2009-4623 http://secunia.com/advisories/36643 http://www.exploit-db.com/exploits/9623
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2009-3356 – Image voting 1.0 - 'index.php?show' SQL Injection
https://notcve.org/view.php?id=CVE-2009-3356
SQL injection vulnerability in index.php in Image voting 1.0 allows remote attackers to execute arbitrary SQL commands via the show parameter.
• https://www.exploit-db.com/exploits/9639 http://secunia.com/advisories/36705 http://www.exploit-db.com/exploits/9639 https://exchange.xforce.ibmcloud.com/vulnerabilities/53178
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-3367 – An image Gallery 1.0 - 'navigation.php' Local Directory Traversal
https://notcve.org/view.php?id=CVE-2009-3367
Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• https://www.exploit-db.com/exploits/9636 http://osvdb.org/57944 http://osvdb.org/57945 http://secunia.com/advisories/36680
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3366 – An image Gallery 1.0 - 'navigation.php' Local Directory Traversal
https://notcve.org/view.php?id=CVE-2009-3366
Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter.
• https://www.exploit-db.com/exploits/9636 http://osvdb.org/57943 http://secunia.com/advisories/36680 http://www.exploit-db.com/exploits/9636 https://exchange.xforce.ibmcloud.com/vulnerabilities/53148
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')