CVE-2020-11807
https://notcve.org/view.php?id=CVE-2020-11807
19 May 2020 — Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path. • https://gist.github.com/V-Rico/82e9e52ac451dc20eef87b0999b3b1ee • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2013-0730
https://notcve.org/view.php?id=CVE-2013-0730
22 Feb 2013 — Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) language parameter to application/modules/admin/controllers/LanguagesController.php or (2) user parameter to application/modules/admin/controllers/UserController.php. • http://forum.sourcefabric.org/discussion/15052/security-patch-released-for-newscoop-4-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-4679 – newscoop 3.5.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4679
27 Aug 2012 — Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter. • https://www.exploit-db.com/exploits/18752 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-1934 – newscoop 3.5.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-1934
27 Aug 2012 — SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter. • https://www.exploit-db.com/exploits/18752 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-1933 – newscoop 3.5.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-1933
27 Aug 2012 — Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php. • https://www.exploit-db.com/exploits/18752 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2012-1935 – newscoop 3.5.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-1935
27 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php. • https://www.exploit-db.com/exploits/18752 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')