3 results (0.008 seconds)

CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 3

Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/. Vulnerabilidad de actualización de archivo en adm/visual/upload.php en SiteXS CMS v0.1.1 permite a atacantes remotos ejecutar código de su elección mediante la subida de un fichero con una extensión ejecutable, entonces accede a él a través de una petición directa al fichero en images/. • https://www.exploit-db.com/exploits/31729 http://www.securityfocus.com/archive/1/491578/100/0/threaded http://www.securityfocus.com/bid/29029 https://exchange.xforce.ibmcloud.com/vulnerabilities/42250 https://www.exploit-db.com/exploits/5726 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 2

Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter. Vulnerabilidad de salto de directorio en post.php en SiteXS CMS v0.1.1 y anteriores permite a atacantes remotos incluir y ejecutar ficheros de su elección mediante un .. (punto punto) en el parámetro type. • https://www.exploit-db.com/exploits/7879 http://www.securityfocus.com/bid/33457 http://www.vupen.com/english/advisories/2009/0247 https://exchange.xforce.ibmcloud.com/vulnerabilities/48236 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3

Cross-site scripting (XSS) vulnerability in index.php in Softpedia SiteXS CMS 0.1.1 Pre-Alpha allows remote attackers to inject arbitrary web script or HTML via the user parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php de Softpedia SiteXS CMS 0.1.1 Pre-Alpha permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro user. • https://www.exploit-db.com/exploits/5880 http://marc.info/?l=bugtraq&m=120950161507846&w=2 http://www.securityfocus.com/bid/28984 https://exchange.xforce.ibmcloud.com/vulnerabilities/42093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •