888 matches found
CVE-2015-0886
Integer overflow in the cryptraw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent...
Multiple Cross-Site Scripting Vulnerabilities in Exponent CMS
OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. A cross-site scripting...
CVE-2014-8690
Multiple cross-site scripting XSS vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO, the 2 src parameter in a none action to index.php, or the 3 "First...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO, the 2 src parameter in a none action to index.php, or the 3 "First...
CVE-2014-8690
Exponent CMS suffers multiple XSS vulnerabilities (CVE-2014-8690) in versions before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4. attacker-controlled input via PATH_INFO, index.php none action src parameter, or the First Name/Last Name fields in users/edituser can in...
CVE-2014-8690
Multiple cross-site scripting XSS vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO, the 2 src parameter in a none action to index.php, or the 3 "First...
Exponent CMS < 2.3.1 Patch 4 Multiple XSS Vulnerabilities
Exponent CMS is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Exponent CMS 2.3.1 - Multiple XSS Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Multiple Exponent CMS Cross-Site Scripting Vulnerabilies Discovered by- Mayuresh Dani email protected Narendra Shinde email protected Vendor Homepage: http://www.exponentcms.org/ Software Link:...
Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities
Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities Exploit Title: Multiple Exponent CMS Cross-Site Scripting Vulnerabilies Discovered by- Mayuresh Dani [email protected] Narendra Shinde [email protected] Vendor Homepage: http://www.exponentcms.org/ Software Link:...
Exponent CMS 2.3.1 Cross Site Scripting
Exploit Title: Multiple Exponent CMS Cross-Site Scripting Vulnerabilies Discovered by- Mayuresh Dani [email protected] Narendra Shinde [email protected] Vendor Homepage: http://www.exponentcms.org/ Software Link: http://sourceforge.net/projects/exponentcms/files/exponent-2.3.1.zip/download Versio...
Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities
Exploit Title: Multiple Exponent CMS Cross-Site Scripting Vulnerabilies Discovered by- Mayuresh Dani [email protected] Narendra Shinde [email protected] Vendor Homepage: http://www.exponentcms.org/ Software Link: http://sourceforge.net/projects/exponentcms/files/exponent-2.3.1.zip/download Versio...
CVE-2015-1177-xss-exponent
CVE-2015-1177-xss-exponent Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in Exponent CMS Affected Software : Exponent Affected Versions: 2.3.2 and possibly below Vendor Homepage : http://www.exponentcms.org/ Vulnerability Type : Cross-site Scripting Severit...
Exponent CMS 'index.php' Cross-Site Scripting Vulnerability
Exponent CMS is open source content management system. A cross-site scripting vulnerability exists in Exponent CMS 'index.php' because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary script code in an unsuspecting user's...
Exponent CMS 2.3.2 Cross Site Scripting
CVE-2015-1177-xss-exponent Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in Exponent CMS Affected Software : Exponent Affected Versions: 2.3.2 and possibly below Vendor Homepage : http://www.exponentcms.org/ Vulnerability Type : Cross-site Scripting Severit...
CVE-2013-3295
Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the page parameter...
Directory traversal
Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the page parameter...
CVE-2013-3295
Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the page parameter...
CVE-2013-3295
Vulnerability overview (CVE-2013-3295) : Exponent CMS prior to 2.2.0 RC1 contains a PHP File Inclusion/Directory Traversal flaw in the install/popup.php script. The vulnerability arises from improper handling of the page parameter, allowing remote unauthenticated attackers to traverse the local f...
Exponent CMS 'src' POST Parameter Cross-Site Scripting Vulnerability
Exponent CMS is prone to an XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:exponentcms:exponentcms";...
CVE-2014-6635
Cross-site scripting XSS vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php...