3 results (0.009 seconds)

CVSS: 6.1EPSS: 33%CPEs: 7EXPL: 2

CVE-2013-2637 – OTRS 3.x - FAQ Module Persistent Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2013-2637

A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en OTRS ITSM versiones anteriores a 3.2.4, 3.1.8 y 3.0.7 y FAQ versiones anteriores a 2.1.4 y 2.0.8, por medio de changes, workorder items, y FAQ articles, podrían permitir a un usuario malicioso remoto ejecutar código arbitrario. • https://www.exploit-db.com/exploits/24922 http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html http://www.exploit-db.com/exploits/24922 http://www.securityfocus.com/bid/58930 https://exchange.xforce.ibmcloud.com/vulnerabilities/83288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 2

CVE-2006-4008 – Knusperleicht FAQ 1.0 Script - 'index.php' Remote File Inclusion

https://notcve.org/view.php?id=CVE-2006-4008

PHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Knusperleicht Faq 1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro faq_path. • https://www.exploit-db.com/exploits/28319 http://securityreason.com/securityalert/1332 http://www.securityfocus.com/archive/1/441812/100/0/threaded http://www.securityfocus.com/bid/19272 https://exchange.xforce.ibmcloud.com/vulnerabilities/28130 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 6

CVE-2005-3938 – SoftBiz FAQ 1.1 - 'add_comment.php?id' SQL Injection

https://notcve.org/view.php?id=CVE-2005-3938

SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php. • https://www.exploit-db.com/exploits/26677 https://www.exploit-db.com/exploits/26674 https://www.exploit-db.com/exploits/26673 https://www.exploit-db.com/exploits/26676 https://www.exploit-db.com/exploits/26675 http://pridels0.blogspot.com/2005/11/softbiz-faq-script-multiple-sql-vuln.html http://secunia.com/advisories/17809 http://www.osvdb.org/21257 http://www.osvdb.org/21258 http://www.osvdb.org/21259 http://www.osvdb.org/21260 http://www.osvdb.org •