205 matches found
Content Spoofing and Cross-Site Scripting vulnerabilities in Bitrix Site Manager
Hello 3APA3A! I want to warn you about security vulnerabilities in Bitrix Site Manager. It is a commercial CMS. These are Content Spoofing and Cross-Site Scripting vulnerabilities. These holes bypass built-in WAF and all other protections of Bitrix. ------------------------- Affected products:...
Bitrix Site Manager 11.5 XSS / Content Spoofing
Hello list! I want to warn you about security vulnerabilities in Bitrix Site Manager. It is a commercial CMS. These are Content Spoofing and Cross-Site Scripting vulnerabilities. These holes bypass built-in WAF and all other protections of Bitrix. ------------------------- Affected products:...
Bitrix Site Manager 11.5 XSS / Content Spoofing
Vulnerable are Bitrix Site Manager 11.5 and previous versions, which contain JW Player Pro. Versions of Bitrix 11.5 after 2012.08.24 must not be affected, because the developers fixed these holes after my informing. As I've checked at the main sites of the developers, where I found these vulnerabilities,...
Bitrix Cross Site Scripting
Exploit Title: Bitrix Cross Site Scripting Date: 3.08.2011 Author: Sony Software Link: http://www.1c-bitrix.ru/ POC: http://st2tea.blogspot.com/2011/09/bitrix-cross-site-scripting.html .................................................................. templates:gameshowroom Demo:...
Bitrix Site Manager Remote File Inclusion
Author : Don Tukulesto [email protected] + Date : November 13, 2009 + Homepage : http://www.indonesiancoder.com + Vendor : http://www.bitrixsoft.com/ + Method : Remote File Inclusion + Location : INDONESIA Notes : I know this is an old bugs, but i just write this exploit under perl module...
Bitrix Site Manager Multiple Remote File Include Vulnerability
+ Author : Don Tukulesto [email protected] + Date : November 13, 2009 + Homepage : http://www.indonesiancoder.com + Vendor : http://www.bitrixsoft.com/ + Method : Remote File Inclusion + Location : INDONESIA Notes : I know this is an old bugs, but i just...
[ONSEC-09-013] 1C Bitrix 8.0.5 Admin Console XSS
ONSEC-09-013 1C Bitrix 8.0.5 Admin Console XSS Target: 1C Bitrix 8.0.5 Type: Cross-site scripting Severity: Medium Date discovered: 25.08.2009 Vendor notification date: 30.08.2009 Fix release date: 01.09.2009 Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Description:...
[ONSEC-09-014] 1C Bitrix WAF multiple XSS
Target: 1C Bitrix WAF =8.0.5 Type: Cross-site scripting Severity: Medium Date discovered: 29.08.2009 Vendor notification date: 29.08.2009 Fix release date: 01.09.2009 Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Description: The proactive WAF filter of the management system...
Bitrix Site Manager 6/7 - Multiple Input Validation Vulnerabilities
Bitrix Site Manager 6/7 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/33689/info Bitrix Site Manager is prone to multiple input-validation vulnerabilities: - An authentication-bypass vulnerability - A cross-site scripting vulnerability An attacker may levera...
Bitrix Site Manager 6/7 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/33689/info Bitrix Site Manager is prone to multiple input-validation vulnerabilities: - An authentication-bypass vulnerability - A cross-site scripting vulnerability An attacker may leverage these issues to gain unauthorized access to the affected...
CVE-2008-2052
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter...
Open redirect
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter...
CVE-2008-2052
The CVE-2008-2052 entry describes an open redirect vulnerability in redirect.php of Bitrix Site Manager 6.5, exploitable via a URL in the goto parameter. The issue could allow remote attackers to redirect users to arbitrary sites, enabling phishing-style redirection. Affected component: Bitrix Si...
PT-2008-3569 · Bitrix +1 · Bitrix Site Manager +1
Name of the Vulnerable Software and Affected Versions: Bitrix Site Manager version 6.5 Description: The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter in the redirect.php file. This can lead to unauthorized acces...
Unfixed Redirect vulnerability at www.portslock.com
Security researcher holisticinfosec submitted on 29/04/2008 a Redirect vulnerability affecting www.portslock.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/06/2008. It is currently unfixed...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the administrative interface of Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs...
CVE-2006-2479
The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site...
CVE-2006-2476
Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...
CVE-2006-2478
Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified backurl during an HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term...