92 matches found
XSS and Redirector vulnerabilities in InstantCMS
Hello 3APA3A! These are Cross-Site Scripting and Redirector vulnerabilities in InstantCMS. ------------------------- Affected products: ------------------------- Vulnerable are InstantCMS 1.10.2 and previous versions. ------------------------- Affected vendors: ------------------------- InstantSo...
Multiple vulnerabilities in InstantCMS
Hello 3APA3A! These are Login Enumeration, Cross-Site Scripting and Content Spoofing vulnerabilities in InstantCMS. ------------------------- Affected products: ------------------------- Vulnerable are InstantCMS 1.10.2 and previous versions. ------------------------- Affected vendors:...
InstantCMS 1.10.2 Cross Site Scripting
Hello list! These are Cross-Site Scripting and Redirector vulnerabilities in InstantCMS. ------------------------- Affected products: ------------------------- Vulnerable are InstantCMS 1.10.2 and previous versions. ------------------------- Affected vendors: ------------------------- InstantSoft...
instantCMS 1.6 /components/search/frontend.php 代码执行漏洞
No description provided by source...
InstantCMS 1.6 - PHP Remote Code Execution (Metasploit)
require 'msf/core' class Metasploit3 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval, in InstantCMS versions 1.6. , 'Author' = 'AkaStep', Vulnerability discovery and PoC 'Ricar...
InstantCMS 1.6 Remote PHP Code Execution
require 'msf/core' class Metasploit3 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval, in InstantCMS versions 1.6. , 'Author' = 'AkaStep', Vulnerability discovery and PoC 'Ricar...
InstantCMS 1.6 Remote PHP Code Execution Vulnerability
This Metasploit module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval, in InstantCMS versions 1.6. require 'msf/core' class Metasploit3 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an arbitrary php command...
InstantCMS 1.6 Remote PHP Code Execution
This module exploits an arbitrary PHP command execution vulnerability because of a dangerous use of eval in InstantCMS in versions 1.6 and prior. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
InstantCMS 1.6 Code Execution
NoTrayIcon Region ; Directives created by AutoIt3WrapperGUI AutoIt3WrapperOutfile=exploit.exe AutoIt3WrapperUseUpx=n AutoIt3WrapperChange2CUI=y EndRegion ; Directives created by AutoIt3WrapperGUI include include cs Demo vid: http://youtu.be/jRIPh-nYpY Print Screen:...
Vulnerabilities in SWFUpload in multiple web applications: WordPress, Dotclear, InstantCMS, AionWeb and others
Hello 3APA3A! Earlier I've wrote about Content Spoofing and Cross-Site Scripting vulnerabilities in SWFUpload http://securityvulns.ru/docs29181.html. This is very popular flash-file, which is used at tens millions of web sites and in hundreds of web applications only WordPress is used at more the...
XSS vulnerability in web applications with swfupload: Dotclear, XenForo, InstantCMS, AionWeb, Dolphin
Hello 3APA3A! I will draw your attention to XSS vulnerability in other web applications with swfupload. Earlier I've wrote about swfupload in WordPress CVE-2012-3414 and that this hole is available in many web applications. In previous letter I've wrote the information about different versions of...
SWF Upload Cross Site Scripting
Hello list! I will draw your attention to XSS vulnerability in other web applications with swfupload. Earlier I've wrote about swfupload in WordPress CVE-2012-3414 and that this hole is available in many web applications. In previous letter I've wrote the information about different versions of...