118 matches found
CVE-2018-14777
An issue was discovered in DataLife Engine DLE through 13.0. An attacker can use XSS related to the /addnews.html and /index.php?do=addnews URIs to send a malicious script to unsuspecting Admins or users...
Design/Logic Flaw
An issue was discovered in DataLife Engine DLE through 13.0. An attacker can use XSS related to the /addnews.html and /index.php?do=addnews URIs to send a malicious script to unsuspecting Admins or users...
CVE-2018-14777
An issue was discovered in DataLife Engine DLE through 13.0. An attacker can use XSS related to the /addnews.html and /index.php?do=addnews URIs to send a malicious script to unsuspecting Admins or users...
CVE-2018-14777
DataLife Engine (DLE) before or at version 13.0 contains a cross-site scripting (XSS) vulnerability that affects the /addnews.html and /index.php?do=addnews endpoints. An attacker can inject malicious scripts that are rendered inAdmin or user browsers, enabling access to cookies, session tokens, ...
CVE-2018-14777
An issue was discovered in DataLife Engine DLE through 13.0. An attacker can use XSS related to the /addnews.html and /index.php?do=addnews URIs to send a malicious script to unsuspecting Admins or users...
DataLife Engine 13.0 Cross Site Scripting
Title: DataLife Engine Core Cross Site Scripting XSS & Execution Code + Date: 2018/08/02 + Author: Mostafa Gharzi + Team: Maher - CertCC.ir + Vendor Homepage: www.dleviet.com www.dle-news.com + Tested on: Windows 10 & Kali Linux + Versions: 13.0 and Before + Vulnerable Parameter: Post Method +...
DataLife Engine 11.1 Cross Site Scripting
... ========================== - Discovered By : 0x3a - http://iran-cyber.net - tahadot0x3aatgmaildotcom - Credit To Iran Cyber Security Group - Release Date : 10.8.2016 - Level : High ========================== I.Vulnerability --------------- DataLife Engine 11.1 process $POST'title' ; They used...
Datalife Engine 9.7 preview.php Bindshell
?php // Exploit Title: Datalife Engine 9.7 Bindshell Exploit // Date: 13/12/2015 // Exploit Author: ssbostan // Vendor Homepage: http://dleviet.com/ // Version: == 9.7 // Tested on: Datalife Engine 9.7 // CVE: http://www.cvedetails.com/cve/CVE-2013-1412/...
DataLife Engine <= 4.1 - Remote SQL Injection Exploit (perl)
No description provided by source. !/usr/bin/perl DataLife Engine sql injection exploit by RST/GHC coded by 1dt.w0lf RST/GHC http://rst.void.ru http://ghc.ru 18.06.06 use LWP::UserAgent; use Getopt::Std; getopts'u:n:p:'; $url = $optu; $name = $optn; $prefix = $optp || 'dle'; if!$url || !$name $sn...
Datalife Engine CMS 7.2 'admin.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31335/info Datalife Engine CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
DataLife Engine 8.3 engine/inc/include/init.php selected_language Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/37851/info Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application...
DataLife Engine 8.3 engine/inc/help.php config[langs] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/37851/info Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application...
DataLife Engine 8.3 engine/ajax/addcomments.php _REQUEST[skin] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/37851/info Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application...
DataLife Engine 8.3 engine/ajax/pm.php config[lang] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/37851/info Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application...
DataLife Engine <= 4.1 - Remote SQL Injection Exploit (php)
No description provided by source. ?php errorreporting EERROR; inisetmaxexecutiontime,0; echo ' +========================================+ | RST/GHC Datalife SQL injection exploit | +========================================+ Lite Version for DLE =4.1 '; if $argc 2 print Usage: . $argv0 . host use...
SoftNews 4.1/5.5 engine/init.php root_dir Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/22913/info DataLife Engine is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of...
SoftNews 4.1/5.5 engine/Ajax/editnews.php root_dir Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/22913/info DataLife Engine is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of...
DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
No description provided by source...
DataLife Engine preview.php PHP Code Injection
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
CVE-2013-7387
Session fixation vulnerability in DataLife Engine DLE 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie...