5 results (0.005 seconds)

CVSS: 9.3EPSS: 6%CPEs: 2EXPL: 2

PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter. Una vulnerabilidad de inclusión remota de archivos PHP en el archivo admin/business_inc/saveserver.php en SWSoft Confixx Pro versiones 2.0.12 hasta 3.3.1, permite a atacantes remotos ejecutar código PHP arbitrario por medio de una URL en el parámetro thisdir. • https://www.exploit-db.com/exploits/4219 ftp://download1.swsoft.com/Confixx/security_hotfix/1/release_notes.txt http://secunia.com/advisories/26300 http://www.securityfocus.com/bid/25036 http://www.vupen.com/english/advisories/2007/2743 http://xpkzxc.com/exploits/confixx.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/35586 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in Confixx Pro 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the account parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en tools_ftp_pwaendern.php en Confixx Pro v.3.0 y posiblemente en versiones anteriores, permite a atacantes remotos inyectar código script web de su elección o HTML a través del parámetro account. • http://secunia.com/advisories/20728 http://securityreason.com/securityalert/1126 http://www.osvdb.org/26628 http://www.securityfocus.com/archive/1/437550/100/0/threaded http://www.securityfocus.com/bid/18523 http://www.vupen.com/english/advisories/2006/2429 https://exchange.xforce.ibmcloud.com/vulnerabilities/27222 •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter. • https://www.exploit-db.com/exploits/27884 http://secunia.com/advisories/20105 http://securityreason.com/securityalert/687 http://securityreason.com/securityalert/903 http://www.osvdb.org/25525 http://www.securityfocus.com/archive/1/434034/100/0/threaded http://www.securityfocus.com/bid/17984 http://www.vupen.com/english/advisories/2006/1817 https://exchange.xforce.ibmcloud.com/vulnerabilities/26472 •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 3

SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0.8, and 3.1.2 allows remote attackers to execute arbitrary SQL commands via the SID parameter. • https://www.exploit-db.com/exploits/27628 http://download1.swsoft.com/Confixx/security_hotfix/release_notes.txt http://secunia.com/advisories/19611 http://www.securityfocus.com/archive/1/430671/100/0/threaded http://www.securityfocus.com/archive/1/430890/100/0/threaded http://www.securityfocus.com/archive/1/431421/100/0/threaded http://www.securityfocus.com/bid/17476 http://www.vupen.com/english/advisories/2006/1331 https://exchange.xforce.ibmcloud.com/vulnerabilities/25749 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field. • http://marc.info/?l=bugtraq&m=111444886429814&w=2 http://secunia.com/advisories/15121 http://securityreason.com/securityalert/694 http://www.osvdb.org/15815 http://www.securityfocus.com/bid/13355 •