Exponent CMS 2.2.0 Beta 3 - Multiple Vulnerabilities

Exponent CMS 2.2.0 Beta 3 - Multiple Vulnerabilities Advisory ID: HTB23154 Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Versions: 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patch: May 3, 2013 Public Disclosure: M...

Exponent CMS 2.2.0 Beta 3 - Multiple Vulnerabilities

Advisory ID: HTB23154 Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Versions: 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patch: May 3, 2013 Public Disclosure: May 15, 2013 Vulnerability Type: SQL Injection CWE-89,...

Exponent CMS 2.2.0 Beta 3 LFI / SQL Injection Vulnerabilities

Exponent CMS version 2.2.0 beta 3 suffers from local file inclusion and remote SQL injection vulnerabilities. Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Versions: 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patc...

Exponent CMS 2.2.0 Beta 3 LFI / SQL Injection

Advisory ID: HTB23154 Product: Exponent CMS Vendor: Online Innovative Creations Vulnerable Versions: 2.2.0 beta 3 and probably prior Tested Version: 2.2.0 beta 3 Vendor Notification: April 24, 2013 Vendor Patch: May 3, 2013 Public Disclosure: May 15, 2013 Vulnerability Type: SQL Injection CWE-89,...

Multiple Vulnerabilities in Exponent CMS

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Exponent CMS, which can be exploited to execute arbitrary SQL commands in the database of vulnerable application and execute arbitrary PHP code on the vulnerable system. 1 SQL Injection in Exponent CMS: CVE-2013-3294 Th...

Exponent CMS 0.96.3 SQLi

Exponent CMS 0.96.3 articlemodule SQL Injection Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

Exponent CMS 0.97 File Upload

File upload vulnerability in Exponent CMS uploadfileuploadcontrol.php Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...

Exponent CMS 0.96 File Upload

File upload vulnerability in Exponent CMS uploadstandalone.php Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...

Exponent CMS 2.0.2 File Disclosure

File disclosure vulnerability in Exponent CMS download.php Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

Exponent CMS 2.0.2 LFI

Local file include vulnerability in Exponent CMS module parameter Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...

Exponent CMS 2.0 - src SQL Injection

Exponent CMS 2.0 - src SQL Injection source: https://www.securityfocus.com/bid/52328/info Exponent CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromi...

Exponent CMS 2.0 - 'src' SQL Injection

source: https://www.securityfocus.com/bid/52328/info Exponent CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...

CVE-2010-5002

Cross-site scripting XSS vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter...

CVE-2010-5002

Cross-site scripting XSS vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter...

CVE-2010-5002

Cross-site scripting XSS vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter...

CVE-2010-5002

CVE-2010-5002: Exponent CMS 0.97.0 is affected by a Cross-Site Scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php, exploitable via the u parameter to inject arbitrary script/HTML. The NVD entry lists a 4.3 base score (Medium) with network access, no confidentiality/availabi...

Exponent 2.0.0 Beta 1.1 Shell Upload

------------------------------------------------------------------------ Software................Exponent 2.0.0 beta 1.1 Vulnerability...........Arbitrary Upload Threat Level............Very Critical 5/5 Download................http://www.exponentcms.org/ Discovery Date..........5/4/2011 Tested...

Exponent CMS 2.0.0 Beta 1.1 - Local File Inclusion Arbitrary File Upload

Exponent CMS 2.0.0 Beta 1.1 - Local File Inclusion Arbitrary File Upload source: https://www.securityfocus.com/bid/47757/info Exponent CMS is prone to a local file-include vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to upload arbitrary files onto...

Exponent 2.0.0 Beta 1.1 Local File Inclusion

------------------------------------------------------------------------ Software................Exponent 2.0.0 beta 1.1 Vulnerability...........Local File Inclusion / Arbitrary Read Threat Level............Critical 4/5 Download................http://www.exponentcms.org/ Discovery...