CVE-2011-3854 – ZenLite <= 4.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3854
Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
• http://secunia.com/advisories/46296 https://sitewat.ch/en/Advisories/12
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-0331 – ESPG (Enhanced Simple PHP Gallery) 1.72 - File Disclosure
https://notcve.org/view.php?id=CVE-2009-0331
Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as a vulnerability in ESPG.
• https://www.exploit-db.com/exploits/7819 http://www.securityfocus.com/bid/33335 https://exchange.xforce.ibmcloud.com/vulnerabilities/48087
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2009-0340 – Simple PHP NewsLetter 1.5 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-0340
Multiple directory traversal vulnerabilities in Simple PHP Newsletter 1.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the olang parameter to (1) mail.php and (2) mailbar.php.
• https://www.exploit-db.com/exploits/7813 http://www.securityfocus.com/bid/33327 https://exchange.xforce.ibmcloud.com/vulnerabilities/48089
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2007-4861
https://notcve.org/view.php?id=CVE-2007-4861
SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages.
• http://osvdb.org/45330 http://osvdb.org/45331 http://osvdb.org/45332 http://osvdb.org/45333 http://osvdb.org/45334 http://securityreason.com/securityalert/3311 http://www.netvigilance.com/advisory0053 http://www.quirm.net/punbb/viewtopic.php?id=129 http://www.securityfocus.com/archive/1/482930/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/38138
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-4863 – Saxon 5.4 - 'Example.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-4863
SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter. SAXON version 5.4 is susceptible to a SQL injection vulnerability.
• https://www.exploit-db.com/exploits/30719 http://osvdb.org/38839 http://securityreason.com/securityalert/3309 http://www.netvigilance.com/advisory0055 http://www.quirm.net/punbb/viewtopic.php?id=129 http://www.securityfocus.com/archive/1/482921/100/0/threaded http://www.securityfocus.com/bid/26238 https://exchange.xforce.ibmcloud.com/vulnerabilities/38136
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •