Blog:CMS 4.2.1e - Multiple Vulnerabilities
Vulnerability ID: HTB22727 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinblogcms.html Product: BLOG:CMS Vendor: Radek Hulán http://blogcms.com/ Vulnerable Version: 4.2.1.e and probably prior versions Vendor Notification: 30 November 2010 Vulnerability Type: CSRF Cross-Site Request Forgery...
XSRF (CSRF) in CMScout
Vulnerability ID: HTB22719 Reference: http://www.htbridge.ch/advisory/xsrfcsrfincmscout.html Product: CMScout Vendor: CMScout Team http://www.cmscout.co.za/ Vulnerable Version: 2.09 and probably prior versions Vendor Notification: 25 November 2010 Vulnerability Type: CSRF Cross-Site Request Forge...
CMScout 2.09 - Cross-Site Request Forgery
CMScout 2.09 - Cross-Site Request Forgery Vulnerability ID: HTB22719 Reference: http://www.htbridge.ch/advisory/xsrfcsrfincmscout.html Product: CMScout Vendor: CMScout Team http://www.cmscout.co.za/ Vulnerable Version: 2.09 and probably prior versions Vendor Notification: 25 November 2010...
MemHT Portal 4.0.1 Stored Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. MemHT Portal 4.0.1 Stored Cross Site Scripting Vulnerability. Product: MemHT Portal Vendor: Miltenovik Manojlo...
CVE-2010-2797
Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultcmslang parameter to an admin script, as demonstrated by admin/addbookmark.php, a different...
CVE-2010-2797
CMS Made Simple
XSS vulnerability in Mystic
Vulnerability ID: HTB22534 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinmystic.html Product: Mystic Vendor: Hulihan Applications http://hulihanapplications.com/projects/mystic Vulnerable Version: 0.1.4 and Probably Prior Versions Vendor Notification: 27 July 2010 Vulnerability Typ...
Grafik CMS 1.1.2 Cross Site Scripting
Vulnerability ID: HTB22438 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityingrafikcms.html Product: Grafik CMS Vendor: GrafikPower Vulnerable Version: 1.1.2 and Probably Prior Versions Vendor Notification: 14 June 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed,...
XSS vulnerability in Grafik CMS
Vulnerability ID: HTB22439 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityingrafikcms1.html Product: Grafik CMS Vendor: GrafikPower Vulnerable Version: 1.1.2 and Probably Prior Versions Vendor Notification: 14 June 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed,...
SQL injection vulnerability in Grafik CMS
Vulnerability ID: HTB22440 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityingrafikcms.html Product: Grafik CMS Vendor: GrafikPower Vulnerable Version: 1.1.2 and Probably Prior Versions Vendor Notification: 14 June 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vend...
REvolution <= 10.02 CSRF (Cross-Site Request Forgery)
Exploit for php platform in category web applications. REvolution &Xfiles=footerafter&confirm=1 " Solution: Upgrade to the most recent version 0day.today 2018-01-02...
Discuz 7.0.0 Flash XSS old vulnerabilities new ideas - vulnerability warning - the black bar safety net
DZ official website to see a bit, have been unable to upload jpg suffix swf file, but everyone noticed it, and DZ matching ucenter space album, you can upload a jpg suffix swf file. So I downloaded the latest version of DZ 7.0 and ucenter and ucenter space, test the consequences and then can be...
Gonafish LinksCaffePRO 4.5 (index.php) SQL Injection Vulnerability
No description provided by source. security breakd0wn! Title: Gonafish LinksCaffePRO 4.5 index.php SQL...
Gonafish LinksCaffePRO 4.5 (index.php) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Gonafish LinksCaffePRO 4.5 index.php SQL Injection Vulnerability ...
Gonafish LinksCaffePRO 4.5 - index.php SQL Injection
Gonafish LinksCaffePRO 4.5 - index.php SQL Injection. security breakd0wn! Title: Gonafish LinksCaffePRO 4.5...
CVE-2003-1541
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt...
CVE-2003-1541
PlanetMoon Guestbook tr3.a stores sensitive information under the web root due to insufficient access control. This enables remote attackers to obtain the admin script password (and other passwords) via a direct request to files/passwd.txt. The available sources describe information disclosure wi...
Design/Logic Flaw
A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/createengine.php followed by a request to...
CVE-2007-2988
A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/createengine.php followed by a request to...