128 matches found
GetSimple CMS 2.01 and 2.02 Administrative Credentials Disclosure
No description provided by source. Researcher: Michael Brooks Affecting: GetSimple CMS 2.01 and 2.02 Fixed:2.03 Vulnerability: Administrative Credentials Disclosure Vendor's Homepage: http://code.google.com/p/get-simple-cms download url for 2.01: http://www.box.net/get-simple/1/30435008/399754548...
CMS Touch 2.01 Cross Site Scripting / SQL Injection
cms touch V2.01 Sql Vulnerability ================================= Author : indoushka vendor : http://cmstouch.com ================================= Dork : powered by cmstouch نظام تاتش لإدارة المواقع الإلكترونية النسخة 2.01 http://alfarrajsite.com/cmstouch/pages.php?PageID=28 inject here...
CMS Touch - 'pages.php?Page_ID' SQL Injection
source: https://www.securityfocus.com/bid/67377/info CMS Touch is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit...
Directory traversal
Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. dot dot in the p parameter. NOTE: some of these details are obtained from third party information...
CVE-2012-6523
Multiple cross-site scripting XSS vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via 1 the p parameter in the getMenus function in codes/wcms.php; or the COMMENT parameter in 2 blog.php, 3 guestbook.php, or 4 forum.php in codes/. NOTE: some of these...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via 1 the p parameter in the getMenus function in codes/wcms.php; or the COMMENT parameter in 2 blog.php, 3 guestbook.php, or 4 forum.php in codes/. NOTE: some of these...
CVE-2012-6523
Multiple cross-site scripting XSS vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via 1 the p parameter in the getMenus function in codes/wcms.php; or the COMMENT parameter in 2 blog.php, 3 guestbook.php, or 4 forum.php in codes/. NOTE: some of these...
CVE-2012-6523
CVE-2012-6523 describes multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01. The flaws allow remote attackers to inject arbitrary web script or HTML via: (1) the p parameter in the getMenus function in codes/wcms.php; and (2) the COMMENT parameter in blog.php, guestbook.php, or foru...
W-CMS 2.01 Cross Site Scripting / Directory Traversal
Exploit Title: W-Cms Multiple Vulnerability Date: 2012-01-09 Author: th3.g4m30v3r Site:http://w-cms.info/ Software Link: http://code.google.com/p/wcms/ Dork: intext:"Powered by w-CMS" Version : 2.01 Tested on: Window 7 Yogesh Kashyap, shubneet goel, w4rl0ck.d0wn, Chip, VzAcnY, Razzy, Sayan, Jaggi...
CVE-2010-5052
Cross-site scripting XSS vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val parameter...
CVE-2010-4863
Cross-site scripting XSS vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter...
CVE-2010-4863
GetSimple CMS 2.01 is affected by a Cross-site Scripting (XSS) vulnerability in admin/changedata.php via the post-title parameter. The root cause is an input sanitation error that allows remote attackers to inject arbitrary HTML/JS into a user’s browser. The CVE entry CVE-2010-4863 documents this...
WordPress Plugin Paid Downloads 2.01 - SQL Injection
WordPress Plugin Paid Downloads 2.01 - SQL Injection Exploit Title: WordPress Paid Downloads plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $downloadkey = $GET"downloadkey"; $sql = "SELECT FROM ".$wpdb-prefix."pddownloadlinks WHERE...
WordPress Paid Downloads plugin <= 2.01 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Paid Downloads plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $downloadkey = $GET"downloadkey"; $sql = "SELECT FROM ".$wpdb-prefix."pddownloadlinks WHERE...
JAKCMS <= v2.01 RC1 Blind SQL Injection Exploit
Exploit for php platform in category web applications !/usr/bin/python jakCMS = v2.01 RC1 Blind SQL Injection Exploit Understanding: The parameters 'JAKCOOKIENAME' and 'JAKCOOKIEPASS' are parsed via cookies to the application and are unchecked for malicious characters. The contents of these...
GetSimple CMS < 2.03 Administrative Credentials Disclosure Vulnerability
GetSimple CMS is prone to an administrative credentials disclosure vulnerability. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progr...
Getsimple CMS 2.01 - changedata.php Cross-Site Scripting
Getsimple CMS 2.01 - changedata.php Cross-Site Scripting source: https://www.securityfocus.com/bid/43593/info GetSimple CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scri...
GetSimple CMS 2.01 Cross Site Request Forgery / Cross Site Scripting
Date: Mon 12 Jul 2010 12:11:45 PM EEST Vendor: http://get-simple.info/ Download: http://www.box.net/get-simple --- -= CSRF PoC 1 - Change Admin Password =- GetSimple CMS 2.01 Multiple Vulnerabilities XSS/CSRF - Change Admin Password -= CSRF PoC 2 - Delete Page =- -= CSRF PoC 3 - Delete All Backup...
Getsimple CMS 2.01 - Multiple Vulnerabilities
Date: Mon 12 Jul 2010 12:11:45 PM EEST Vendor: http://get-simple.info/ Download: http://www.box.net/get-simple --- -= CSRF PoC 1 - Change Admin Password =- GetSimple CMS 2.01 Multiple Vulnerabilities XSS/CSRF - Change Admin Password -= CSRF PoC 2 - Delete Page =- -= CSRF PoC 3 - Delete All Backup...
openMairie openCimetiere Multiple File Inclusion Vulnerabilities
This host is running openMairie openCimetiere and is prone to multiple file inclusion vulnerabilities. OpenVAS Vulnerability Test $Id: secpodopenmairieopencimetieremultfileinclvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ openMairie openCimetiere Multiple File Inclusion Vulnerabilities Authors:...