362 matches found
CVE-2016-4849
CVE-2016-4849 concerns Geeklog IVYWE edition 2.1.1. The vulnerability is a set of cross-site scripting flaws that can be triggered via the COM_getCurrentURL function used in four layout template files (public_html/layout/default/header.thtml, layout/bento/header.thtml, layout/fotos/header.thtml, ...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the IVYWE 1 Assist plugin before 1.1.2.test20160906, 2 dataBox plugin before 0.0.0.20160906, and 3 userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-4875
CVE-2016-4875 describes cross-site scripting (CWE-79) vulnerabilities in Geeklog IVYWE edition plugins: Assist (before 1.1.2.test20160906), dataBox (before 0.0.0.20160906), and userBox (before 0.0.0.20160906). The root cause is untrusted input that can be injected into administrator-facing contex...
CVE-2016-4875
Multiple cross-site scripting XSS vulnerabilities in the IVYWE 1 Assist plugin before 1.1.2.test20160906, 2 dataBox plugin before 0.0.0.20160906, and 3 userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting
Overview Geeklog is an open source content management system CMS. The Geeklog IVYWE edition plugins Assist, dataBox, and userBox each contain a cross-site scripting CWE-79 vulnerability. IVY WE CO.,LTD. reported this vulnerability to IPA and JPCERT/CC to notify users of its solution through JVN...
JVN#46087986: Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting
Geeklog is an open source content management system CMS. The Geeklog IVYWE edition plugins Assist, dataBox, and userBox each contain a cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an administrator. Solution...
Multiple Cross-Site Scripting Vulnerabilities in Geeklog IVYWE
geeklog is an open source content management system CMS. Multiple cross-site scripting vulnerabilities exist in Geeklog IVYWE. Because the program fails to properly perform user-supplied input, an attacker could exploit the vulnerabilities to execute arbitrary script code in a trusted user's...
Geeklog IVYWE edition contains a cross-site scripting vulnerability
Overview Geeklog is an open source content management system CMS. Geeklog IVYWE edition contains a cross-site scripting CWE-79 vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#09836883: Geeklog IVYWE edition contains a cross-site scripting vulnerability
Geeklog is an open source content management system CMS. Geeklog IVYWE edition contains a cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the Patch Apply the appropriate patch according to the information provided by...
Geeklog 1.4.0 - Multiple Vulnerabilities
Geeklog 1.4.0 - Multiple Vulnerabilities Geeklog Multiple Vulnerabilities Vendor: Geeklog Product: Geeklog Version: = 1.4.0 Website: http://www.geeklog.net/ BID: 16755 CVE: CVE-2006-0823 OSVDB: 23348 23349 SECUNIA: 18920 PACKETSTORM: 44070 Description: Geeklog is one of the most popular content...
Geeklog < 1.4.0 - Multiple Vulnerabilities
Geeklog Multiple Vulnerabilities Vendor: Geeklog Product: Geeklog Version: = 1.4.0 Website: http://www.geeklog.net/ BID: 16755 CVE: CVE-2006-0823 OSVDB: 23348 23349 SECUNIA: 18920 PACKETSTORM: 44070 Description: Geeklog is one of the most popular content management systems available today. Geeklo...
Geeklog 2.1.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Geeklog 2.1.0 - Command Injection, XSS, Command Injection Vulnerabilities Overview The admin area of Geeklog suffers from two vulnerabilities that can lead to code execution: OS Command Injection and Upload of Files with Dangerous Type. The...
Geeklog 2.1.0 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Geeklog 2.1.0 Fixed in: 2.1.1b3 Fixed Version Link: https://www.geeklog.net/filemgmt/visit.php/1156 Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor:...
Geeklog 2.1.0 Command Injection
!/usr/local/bin/python Exploit for geeklog-2.1.0 OS Command Injection vulnerability An admin account is required to use this exploit Curesec GmbH import sys import re import argparse import requests requires requests lib parser = argparse.ArgumentParser parser.addargument"url", help="base url to...
Geeklog 2.1.0 Command Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Geeklog 2.1.0 Fixed in: 2.1.1b3 Fixed Version Link: https://www.geeklog.net/filemgmt/visit.php/1156 Vendor Contact: [email protected] Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to...
Geeklog <= 1.5.2 - savepreferences()/*blocks[] SQL Injection Exploit
No description provided by source. ?php / Geeklog = 1.5.2 savepreferences/blocks remote sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.geeklog.net/ PHP and MySQL version independent vulnerability, see usersettings.php nea...
GeekLog <= 1.5.0 - Remote Arbitrary File Upload Exploit
No description provided by source. !/usr/bin/perl use warnings; use strict; use LWP::UserAgent; use HTTP::Request::Common; print INTRO; +++++++++++++++++++++++++++++++++++++++++++++++++++++ + GeekLog = 1.5.0 Remote Arbitrary File Upload + + + + Discovered && Coded By: t0pP8uZz + + + + 0day?!?Most...
GeekLog 1.x - (error.log) Remote Commands Execution Exploit (gpc = Off)
No description provided by source. !/usr/bin/perl -w use IO::Socket; print \r\n; print | Geeklog 1. remote commands execution |\r\n; print | By rgod rgodATautisticiDOTorg |\r\n; print | site: http://retrogod.altervista.org |\r\n; print | |\r\n; print \r\n; print | - this works against...
Geeklog 1.3.5 - Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/4969/info Geeklog does not filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the 'index.php' or 'comment.php'...
GeekLog <= 1.4.0sr3 (_CONF[path]) Remote File Include Vulnerabilities
No description provided by source. --------------------------------------------------------------------------- GeekLog = 1.4.0 CONFpath Remote File Include Vulnerabilities --------------------------------------------------------------------------- Google d0rk: powered by geeklog Discovered By...