CVE-2007-6221 – TuMusika Evolution 1.7R5 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2007-6221
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• https://www.exploit-db.com/exploits/4674
• http://secunia.com/advisories/27866
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38724
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-6188 – TuMusika Evolution 1.7R5 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2007-6188
Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php.
• https://www.exploit-db.com/exploits/4674
• http://osvdb.org/42450
• http://osvdb.org/42451
• http://osvdb.org/42452
• http://osvdb.org/42453
• http://secunia.com/advisories/27866
• http://www.securityfocus.com/bid/26631
• http://www.securityfocus.com/bid/26632
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38719
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38720
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-2090 – TuMusika Evolution 1.6 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2090
Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
• https://www.exploit-db.com/exploits/29848
• http://secunia.com/advisories/24874
• http://securityreason.com/securityalert/2585
• http://www.securityfocus.com/archive/1/465515/100/0/threaded
• http://www.vupen.com/english/advisories/2007/1374
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33593