774 matches found
chicomas <= 2.0.4 (DB Backup/DD/XSS) Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: chicomas =2.0.4 Multiple Vulnerabilities Vendor: http://www.chicomas.com/ Demo: http://demo.opensourcecms.com/chicomas Bug: Database Information Disclosure, Authorization Weakness, XSS Vulnerable Version:...
asaher pro 1.0.4 - Remote Database Backup Vulnerability
No description provided by source. found by alnjm33 my site : http://sec-war.com/cc/ mail:alnjm33athotmail.com Re: asaher pro v1.0.4 Remote Database Backup...
myPHP Guestbook <= 2.0.4 Database Backup Dump Vulnerability
No description provided by source...
SA-CONTRIB-2014-062 - Password Policy - Multiple vulnerabilities
The Password Policy module enables you to define and enforce password policies with various constraints on allowable user passwords. Access bypass and information disclosure 7.x only The module has a history constraint, which when enabled, disallows a user's password from being changed to match a...
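74CMS design flaw leads to database dump (subject to server environment restrictions)
Brief description: Detailed description: First, a quick primer on Windows short file names, which is what we will use below. WooYun: A design flaw in ThinkSAAS may allow the database to be dumped (subject to environment and feature restrictions). See the primer in the vulnerability above; here we use it directly. The 74cms database backup is as follows: // perform backup elseif$act =='dobackup' checkpermissions$SESSION'adminpurview',"database"; if !fileexists"../data/".$backupdir."/"adminmsg"备份文件存放目录data/".$backupdir."不存在!",0; if...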
CVE-2014-2996
XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem...
逐浪CMS arbitrary SQL access: CMS2 V1.4, V1.5 and CMS6.0 are all affected (other versions not tested because of dead links)
Brief description: The problem is described in the detailed description. Detailed description: The problem is in User\Develop\ashx\UserTage.ashx Code snippet: try MZoneNode MZN = new MZoneNode; BEditPage BEP = new BEditPage; MZN.NodeID = Convert.ToInt32nodeid; MZN.UserID = BU.GetLogin.UserID; string strTemp = style; string strStyle = strTemp.Split'|'; if strStyle != null foreach string...
Cart Engine 3.0.0 Database Backup Disclosure Vulnerability
Cart Engine version 3.0.0 suffers from a database backup disclosure vulnerability. ?php / Cart Engine 3.0.0 Database Backup Disclosure Exploit Vendor: C97net Product web page: http://www.c97.net Affected version: 3.0.0 Summary: Open your own online shop today with Cart Engine! The small, yet...
Kemana Directory 1.5.6 Database Backup Disclosure Vulnerability
Kemana Directory version 1.5.6 suffers from a database backup disclosure vulnerability. ?php / Kemana Directory 1.5.6 Database Backup Disclosure Exploit Vendor: C97net Product web page: http://www.c97.net Affected version: 1.5.6 Summary: Experience the ultimate directory script solution with...
Kemana Directory 1.5.6 Database Backup Disclosure
$total return; ifempty$starttime $starttime=time; $n...
Cart Engine 3.0.0 Database Backup Disclosure
?php / Cart Engine 3.0.0 Database Backup Disclosure Exploit Vendor: C97net Product web page: http://www.c97.net Affected version: 3.0.0 Summary: Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping cart based on PHP & MySQL. Unique features of...
Kemana Directory 1.5.6 - Database Backup Disclosure
$total return; ifempty$starttime $starttime=time; $now = time...
Cart Engine 3.0.0 - Database Backup Disclosure
?php / Cart Engine 3.0.0 Database Backup Disclosure Exploit Vendor: C97net Product web page: http://www.c97.net Affected version: 3.0.0 Summary: Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping...
qEngine CMS 6.0.0 - Multiple Vulnerabilities
$total return; ifempty$starttime $starttime=time; $now = time; $perc=double$done/$total; $b...
Kemana Directory 1.5.6 Database Backup Disclosure Exploit
Summary Experience the ultimate directory script solution with Kemana. Create your own Yahoo or Dmoz easily with Kemana. Unique Kemana's features including: CMS engine based on our qEngine, multiple directories support, user friendly administration control panel, easy to use custom fields,...
qEngine CMS 6.0.0 Database Backup Disclosure Vulnerability
qEngine CMS version 6.0.0 suffers from a database backup disclosure vulnerability. $total return;...
Cart Engine 3.0.0 Database Backup Disclosure Exploit
Summary Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping cart based on PHP & MySQL. Unique features of Cart Engine include: CMS engine based on our qEngine, product options, custom fields, digital products, search engine friendly URL, user...
qEngine CMS 6.0.0 Database Backup Disclosure Exploit
Summary qEngine qE is a lightweight, fast, yet feature packed CMS script to help you building your site quickly. Using template engine to separate the php codes from the design, you don't need to touch the codes to design your web site. qE is also expandable by using modules. Description qEngine...
qEngine CMS 6.0.0 Database Backup Disclosure
$total return; ifempty$starttime $starttime=time; $now = time; $perc=double$d...