Exponent 2.0.0 Beta 1.1 Shell Upload

------------------------------------------------------------------------ Software................Exponent 2.0.0 beta 1.1 Vulnerability...........Arbitrary Upload Threat Level............Very Critical 5/5 Download................http://www.exponentcms.org/ Discovery Date..........5/4/2011 Tested...

Exponent CMS 2.0 Beta 1.1 CSRF Add Administrator Account PoC

Exploit for php platform in category web applications Exponent CMS 2.0 Beta 1.1 CSRF Add Administrator Account PoC by outlaw.dll body, table, tr, td background-color: 00489C; font-family: Verdana; font-size: 16px; color: FFFFFF; .-""""-. .-""""-. / \ / \ / \ / \ // \ / \ // \ / \ |\ //| |\ //|...

Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account)

Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery Add Administrator Account Exponent CMS 2.0 Beta 1.1 CSRF Add Administrator Account PoC by outlaw.dll body, table, tr, td background-color: 00489C; font-family: Verdana; font-size: 16px; color: FFFFFF; .-""""-. .-""""-. / \ / \ / \ / \ // \ / ...

Exponent CMS 2.0 Beta 1.1 - Cross-Site Request Forgery (Add Administrator Account)

Exponent CMS 2.0 Beta 1.1 CSRF Add Administrator Account PoC by outlaw.dll body, table, tr, td background-color: 00489C; font-family: Verdana; font-size: 16px; color: FFFFFF; .-""""-. .-""""-. / \ / \ / \ / \ // \ / \ // \ / \ |\ //| |\ //| \ || / \ || / \ / \ / \ / \ / .-""""-. '..'.-""""-...

Exponent CMS 2.0 Beta 1.1 Cross Site Request Forgery

Exponent CMS 2.0 Beta 1.1 CSRF Add Administrator Account PoC by outlaw.dll body, table, tr, td background-color: 00489C; font-family: Verdana; font-size: 16px; color: FFFFFF; .-""""-. .-""""-. / \ / \ / \ / \ // \ / \ // \ / \ |\ //| |\ //| \ || / \ || / \ / \ / \ / \ / .-""""-. '..'.-""""-...

Exponent CMS Detection

Detection of Exponent CMS. This script sends a connection request to the server and attempts to detect the presence of Exponent CMS and to extract its version SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Exponent CMS Multiple Input Validation Vulnerabilities

Exponent CMS is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, information-disclosure, arbitrary-file-upload, arbitrary-file-modify, and cross-site-scripting vulnerabilities...

LFI in Exponent CMS

Vulnerability ID: HTB22718 Reference: http://www.htbridge.ch/advisory/lfiinexponentcms1.html Product: Exponent CMS Vendor: http://www.exponentcms.org/ http://www.exponentcms.org/ Vulnerable Version: 2.0.0pr2 Vendor Notification: 22 November 2010 Vulnerability Type: Local File Inclusion Status: No...

LFI in Exponent CMS

Vulnerability ID: HTB22717 Reference: http://www.htbridge.ch/advisory/lfiinexponentcms.html Product: Exponent CMS Vendor: http://www.exponentcms.org/ http://www.exponentcms.org/ Vulnerable Version: 2.0.0pr2 Vendor Notification: 22 November 2010 Vulnerability Type: Local File Inclusion Status: Not...

Exponent CMS 2.0.0pr2 Local File Inclusion

============================= Vulnerability ID: HTB22718 Reference: http://www.htbridge.ch/advisory/lfiinexponentcms1.html Product: Exponent CMS Vendor: http://www.exponentcms.org/ http://www.exponentcms.org/ Vulnerable Version: 2.0.0pr2 Vendor Notification: 22 November 2010 Vulnerability Type:...

Local File Inclusion Vulnerability in Exponent CMS

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Exponent CMS which could be exploited to include and execute arbitrary local files on the target system. 1 Local file inclusion in Exponent CMS Input passed to the "module" parameter in podcast.php and rss.php is not proper...

Exponent CMS 0.97 Cross Site Scripting / File Disclosure / Local File Inclusion / Shell Upload

Exponent CMS v0.97 Multiple Vulnerabilities Vendor: OIC Group Inc. Product web page: http://www.exponentcms.org Affected version: 0.97 Summary: Open Source Content Management System PHP+MySQL. Desc: Exponent CMS suffers from multiple vulnerabilities: 1. Local File Inclusion / File Disclosure...

Exponent CMS v0.97 Multiple Vulnerabilities

No description provided by source. Exponent CMS v0.97 Multiple Vulnerabilities Vendor: OIC Group Inc. Product web page: http://www.exponentcms.org Affected version: 0.97 Summary: Open Source Content Management System PHP+MySQL. Desc: Exponent CMS suffers from multiple vulnerabilities: 1. Local Fi...

Exponent CMS v0.97 Multiple Vulnerabilities

Exploit for php platform in category web applications =========================================== Exponent CMS v0.97 Multiple Vulnerabilities =========================================== Vendor: OIC Group Inc. Product web page: http://www.exponentcms.org Affected version: 0.97 Summary: Open Source...

Exponent CMS v0.97 Multiple Vulnerabilities

Summary Open Source Content Management System PHP+MySQL. Description Exponent CMS suffers from multiple vulnerabilities: 1. Local File Inclusion / File Disclosure Vulnerability 2. Arbitrary File Upload / File Modify Vulnerability 3. Reflected Cross-Site Scripting Vulnerability 1 LFI/FD occurs whe...

Exponent CMS 0.97 - Multiple Vulnerabilities

Exponent CMS 0.97 - Multiple Vulnerabilities Exponent CMS v0.97 Multiple Vulnerabilities Vendor: OIC Group Inc. Product web page: http://www.exponentcms.org Affected version: 0.97 Summary: Open Source Content Management System PHP+MySQL. Desc: Exponent CMS suffers from multiple vulnerabilities: 1...

Exponent CMS 0.97 - Multiple Vulnerabilities

Exponent CMS v0.97 Multiple Vulnerabilities Vendor: OIC Group Inc. Product web page: http://www.exponentcms.org Affected version: 0.97 Summary: Open Source Content Management System PHP+MySQL. Desc: Exponent CMS suffers from multiple vulnerabilities: 1. Local File Inclusion / File Disclosure...

Exponent CMS 0.97.0 Cross Site Scripting

Title: Exponent Slideshow XSS Vulnerability Vendor: Exponent Product: Exponent CMS Tested Version: 0.97.0 Threat Class: XSS Severity: High Remote: yes Local: no Discovered By: Andrei Rimsa Alvares ===== Description ===== The file "modules/slideshowmodule/slideshow.js.php" is prone to XSS...

Exponent Slideshow XSS Vulnerability

Title: Exponent Slideshow XSS Vulnerability Vendor: Exponent Product: Exponent CMS Tested Version: 0.97.0 Threat Class: XSS Severity: High Remote: yes Local: no Discovered By: Andrei Rimsa Alvares ===== Description ===== The file "modules/slideshowmodule/slideshow.js.php" is prone to XSS...

Exponent CMS 0.97 - Slideshow.js.php Cross-Site Scripting

Exponent CMS 0.97 - Slideshow.js.php Cross-Site Scripting source: https://www.securityfocus.com/bid/41447/info Exponent CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...