Cross site scripting
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the src parameter in the search action to index.php...
CVE-2014-6635
CVE-2014-6635 affects Exponent CMS 2.3.0, exposing a cross-site scripting (XSS) flaw in the src parameter of the search action to index.php. The vulnerability allows remote attackers to inject arbitrary web script or HTML. CVSS v2 base score is 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N). Exploitation statu...
Exponent CMS 2.3.0 Cross Site Scripting
Title: exponent-2.3.0 CMS index.php POST Reflected XSS Severity: High CVE-ID: To Be Assigned Release Date: 20 September 2014 Author: Kenneth F. Belva Websites: http://silverbackventuresllc.com http://xssWarrior.com http://securitymaverick.com Twitter: @infosecmaverick Contact: Please use website...
Exponent CMS <= 0.96.3 (view) Remote Command Execution Exploit
No description provided by source. #!/usr/bin/php -q -d short_open_tag=on <? print_r(' Exponent CMS 0.96.3 stable possibly other versions "view" arbitrary local inclusion / remote commands xctn exploit by rgod...
Exponent CMS 2.2.0 beta 3 - Multiple Vulnerabilities
No description provided by source...
Exponent CMS 0.96.5/ 0.96.6 magpie_debug.php url Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...
Exponent CMS 0.96.5/ 0.96.6 iconspopup.php icodir Variable Traversal Arbitrary Directory Listing
No description provided by source. source: http://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...
Exponent CMS 0.96.5/ 0.96.6 magpie_slashbox.php rss_url Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...
Exponent CMS 0.97 - Multiple Vulnerabilities
No description provided by source. Exponent CMS v0.97 Multiple Vulnerabilities Vendor: OIC Group Inc. Product web page: http://www.exponentcms.org Affected version: 0.97 Summary: Open Source Content Management System PHP+MySQL. Desc: Exponent CMS suffers from multiple vulnerabilities: 1. Local Fi...
Exponent CMS 0.95 Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/12358/info Exponent is reported prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user facilitating thef...
Exponent CMS 2.0 Beta 1.1 CSRF Add Administrator Account PoC
No description provided by source. !-- + Title: Exponent CMS 2.0 Beta 1.1 CSRF Add Administrator Account PoC + Version: 2.0 Beta 1.1 not tested with older versions + Note: No need administrator to be logged : + Tested on: Linux Ubuntu 11.04 Google Chrome but will work in any other OS + Download...
CVE-2013-3294
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php...
Sql injection
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php...
CVE-2013-3294
CVE-2013-3294 and CVE-2013-3295 affect Exponent CMS, with multiple vulnerabilities in 2.2.0 beta3 and earlier: CVE-2013-3294 is a SQL Injection in index.php via src and username parameters, exploitable remotely; CVE-2013-3295 is a PHP File Inclusion via install/popup.php?page parameter, enabling ...
CentOS Update for gnupg CESA-2013:1458 centos5
The remote host is missing an update for the...
CentOS 5 / 6 : libgcrypt (CESA-2013:1457)
An updated libgcrypt package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Multiple Vulnerabilities in Exponent CMS
Advisory ID: HTB23154 Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Versions: 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patch: May 3, 2013 Public Disclosure: May 15, 2013 Vulnerability Type: SQL Injection CWE-89,...
Exponent CMS Multiple Vulnerabilities
Exponent CMS is prone to multiple vulnerabilities. CPE = "cpe:/a:exponentcms:exponentcms";...