58 matches found
EUVD-2014-4995
Malware in sbrugna...
EUVD-2015-1503
Malware in sbrugna...
EUVD-2015-6529
Malware in sbrugna...
EUVD-2015-1502
Malware in sbrugna...
CVE-2015-1364
SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/...
CVE-2014-4170
CVE-2014-4170 describes an improper access control vulnerability in ArticleFR (Free Reprintables) where the data.php script lacks sufficient restrictions. A remote attacker can issue crafted requests to /data.php and execute arbitrary UPDATE SQL commands, enabling modification or deletion of data...
CVE-2015-6591
Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter...
CVE-2015-6591
The CVE-2015-6591 entry concerns Free Reprintables ArticleFR 3.0.7 and earlier. It affects the web application path application/templates/amelia/loadjs.php, where the s parameter is used to read files via file_get_contents without proper validation, enabling local arbitrary file read by a non-aut...
CVE-2015-6591
Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter...
Free Reprintables ArticleFR Has Multiple Cross-Site Request Forgery Vulnerabilities
Free Reprintables ArticleFR is an article directory scripting system from Free Reprintables Philippines. Free Reprintables ArticleFR 3.0.6 suffers from multiple cross-site request forgery vulnerabilities that allow remote attackers to hijack an administrator authentication request to add an...
Free Reprintables ArticleFR Cross-Site Scripting Vulnerability
ArticleFR is an article directory and content catalog system. Multiple cross-site scripting vulnerabilities exist in Free Reprintables ArticleFR version 3.0.6, which stem from the dashboard/settings/categories/ URI not sufficiently filtering the 'name' parameter, the dashboard/settings/links/ URI...
CVE-2015-5530
Multiple cross-site request forgery CSRF vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/create/...
CVE-2015-5529
Multiple cross-site scripting XSS vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 name parameter to dashboard/settings/categories/, 2 title or 3 rel parameter to dashboard/settings/links/, or 4 url parameter to...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/create/...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 name parameter to dashboard/settings/categories/, 2 title or 3 rel parameter to dashboard/settings/links/, or 4 url parameter to...
CVE-2015-5530
Multiple cross-site request forgery CSRF vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/create/...
CVE-2015-5530
CVE-2015-5530 affects Free Reprintables ArticleFR 3.0.6. The vulnerability is CSRF that lets an attacker cause an admin account to be created via dashboard/users/create/, effectively hijacking an administrator’s authentication context. The NVD entry lists a base score of 6.8 (Medium) with network...
CVE-2015-5529
Affected software: Free Reprintables ArticleFR 3.0.6. Vulnerable components: dashboard/settings/categories/ (name parameter), dashboard/settings/links/ (title and rel parameters), dashboard/tools/pingservers/ (url parameter). Issue: stored cross-site scripting due to inadequate input sanitization...
ArticleFR 3.0.6 CSRF Add Admin Exploit
Summary A lightweight fully featured content article / video management system. Comes with a pluginable and multiple module framework system. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This c...
ArticleFR 3.0.6 - Multiple Vulnerabilities
ArticleFR 3.0.6 - Multiple Vulnerabilities ArticleFR 3.0.6 CSRF Add Admin Exploit Vendor: Free Reprintables Product web page: http://www.freereprintables.com Affected version: 3.0.6 Summary: A lightweight fully featured content article / video management system. Comes with a pluginable and...