Chap0

#10112of 53,624
27.3Total CVSS
Vulnerabilities · 4
Medium
2
High
2
PT-2012-6229
6.5
2012-11-26
Razorcms · Razorcms · CVE-2012-6038
**Name of the Vulnerable Software and Affected Versions** razorCMS versions prior to 1.2.1 **Description** The issue allows remote authenticated users to access certain administrator directories and files without proper restriction, enabling them to read, edit, rename, move, copy, and delete files. This is achieved via the `dir` parameter in a "fileman" or "filemanview" action, and has been referred to as a "path traversal" issue. **Recommendations** For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrator directories and files to minimize the risk of exploitation.
PT-2012-6199
4.0
2012-11-19
Razorcms · Razorcms · CVE-2012-5918
**Name of the Vulnerable Software and Affected Versions** razorCMS version 1.2 **Description** The issue allows remote authenticated users to access administrator directories and files by creating and deleting a directory. **Recommendations** For razorCMS version 1.2, consider restricting access to administrator directories and files to prevent unauthorized access until a patch is available.
PT-2012-3025
7.5
2012-02-08
Xray · Xray Cms · CVE-2012-1026
**Name of the Vulnerable Software and Affected Versions** XRay CMS version 1.1.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` or `password` parameters in the login2.php file. **Recommendations** For XRay CMS version 1.1.1, update to a version that fixes the SQL injection vulnerabilities in the login2.php file. As a temporary workaround, consider restricting access to the login2.php file to minimize the risk of exploitation. Avoid using the `username` and `password` parameters in the affected file until the issue is resolved.
PT-2010-3929
9.3
2010-06-21
D.R. · D.R. Software Audio Converter · CVE-2010-2343
**Name of the Vulnerable Software and Affected Versions** D.R. Software Audio Converter versions 8.1, 8.05, and 2007 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a crafted pls playlist file. **Recommendations** For version 8.1, update to a version that fixes the stack-based buffer overflow issue. For version 8.05, update to a version that fixes the stack-based buffer overflow issue. For version 2007, update to a version that fixes the stack-based buffer overflow issue. As a temporary workaround, consider avoiding the use of crafted pls playlist files until a patch is available.