Total: 11 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2634 | 1 Neocrome | 1 Seditio | 2018-10-18 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field. | |||||
CVE-2006-6577 | 1 Neocrome | 2 Land Down Under, Seditio | 2018-10-17 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2006-6177 | 1 Neocrome | 1 Seditio | 2018-10-17 | 7.5 HIGH | N/A |
SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527). | |||||
CVE-2006-6343 | 1 Neocrome | 1 Seditio | 2018-10-17 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2009-1411 | 1 Neocrome | 1 Seditio | 2017-09-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php. | |||||
CVE-2007-4057 | 1 Neocrome | 1 Seditio | 2017-09-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio 121 and earlier allows remote authenticated users to upload arbitrary PHP code via a filename ending with (1) .php.gif, (2) .php.jpg, or (3) .php.png. | |||||
CVE-2007-6202 | 1 Neocrome | 1 Seditio | 2017-09-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php. | |||||
CVE-2012-5914 | 1 Neocrome | 1 Seditio | 2017-08-28 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the (1) newmsg or (2) rtext parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-5915 | 1 Neocrome | 1 Seditio | 2017-08-28 | 5.0 MEDIUM | N/A |
Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/main.lang.php, (4) system/lang/en/message.lang.php, or (5) system/core/view/view.inc.php, which reveals the installation path in an error message. | |||||
CVE-2012-5916 | 1 Neocrome | 1 Seditio | 2017-08-28 | 5.0 MEDIUM | N/A |
Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql, or (3) system/install/install.parser.sql. | |||||
CVE-2006-6344 | 1 Neocrome | 1 Seditio | 2011-03-07 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core. NOTE: the users.profile.inc.php vector is identified by CVE-2006-6177. NOTE: these issues might be related to SQL injection. | |||||