
2160 matches found

NVD
added 2014/06/06 2:55 p.m., 27 views

CVE-2013-4724

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to...

CVSS 5 | AI score 6.2 | EPSS 0.01173
Exploits: 2 | References: 2

NVD
added 2014/06/06 2:55 p.m., 15 views

CVE-2013-4725

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

CVSS 5 | AI score 6.6 | EPSS 0.01173
Exploits: 2 | References: 2

Prion
added 2014/06/06 2:55 p.m., 11 views

Information disclosure

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx...

CVSS 5 | AI score 6.7 | EPSS 0.02709
Exploits: 2 | References: 2 | Affected Software: 1

Prion
added 2014/06/06 2:55 p.m., 18 views

Design/Logic Flaw

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message...

CVSS 5 | AI score 6.7 | EPSS 0.01173
Exploits: 2 | References: 2 | Affected Software: 1

Prion
added 2014/06/06 2:55 p.m., 14 views

Design/Logic Flaw

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to...

CVSS 5 | AI score 6.7 | EPSS 0.01173
Exploits: 2 | References: 2 | Affected Software: 1

Prion
added 2014/06/06 2:55 p.m., 14 views

Session fixation

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

CVSS 5 | AI score 7.1 | EPSS 0.01173
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2014/06/06 2:0 p.m., 24 views

CVE-2013-4727

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx...

AI score 6.2 | EPSS 0.02709
Exploits: 2 | References: 2

Cvelist
added 2014/06/06 2:0 p.m., 31 views

CVE-2013-4724

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to...

AI score 6.2 | EPSS 0.01173
Exploits: 2 | References: 2

Cvelist
added 2014/06/06 2:0 p.m., 24 views

CVE-2013-4725

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

AI score 6.6 | EPSS 0.01173
Exploits: 2 | References: 2

CVE
added 2014/06/06 2:0 p.m., 38 views

CVE-2013-4728

CVE-2013-4728 affects DDSN Interactive cm3 Acora CMS versions such as 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 (and possibly others). The vulnerability allows remote attackers to obtain sensitive information via a crafted .. (dot dot) in the l parameter, which reveals the installation path in a...

CVSS 5 | AI score 6.3 | EPSS 0.01173
Exploits: 2 | References: 2 | Affected Software: 1

CVE
added 2014/06/06 2:0 p.m., 40 views

CVE-2013-4727

CVE-2013-4727 affects DDSN Interactive cm3 Acora CMS versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 (and possibly others). Remote attackers can obtain sensitive information via Admin/top.aspx. Affected component is the CMS core (AcoraCMS), with information disclosure as the stated impact (CV...

CVSS 5 | AI score 6.4 | EPSS 0.02709
Exploits: 2 | References: 2 | Affected Software: 1

CVE
added 2014/06/06 2:0 p.m., 39 views

CVE-2013-4725

CVE-2013-4725 affects DDSN Interactive cm3 Acora CMS versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 (and possibly others). Description: the CMS does not set the Secure flag on an unspecified cookie in HTTPS sessions, allowing an attacker to capture the cookie by intercepting its transmission...

CVSS 5 | AI score 6.8 | EPSS 0.01173
Exploits: 2 | References: 2 | Affected Software: 1

CVE
added 2014/06/06 2:0 p.m., 41 views

CVE-2013-4724

CVE-2013-4724 affects DDSN Interactive cm3 Acora CMS versions including 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 (and possibly others). The issue is failure to set the HTTPOnly flag on a Set-Cookie header for an unspecified cookie, potentially allowing remote attackers to access sensitive cooki...

CVSS 5 | AI score 6.3 | EPSS 0.01173
Exploits: 2 | References: 2 | Affected Software: 1

Metasploit
added 2014/06/04 1:27 a.m., 56 views

Command Shell, Reverse TCP (via python)

Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include...

AI score 7.1
Exploits: 0

NVD
added 2014/04/25 5:12 p.m., 14 views

CVE-2013-4726

Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

CVSS 6.8 | AI score 7.1 | EPSS 0.01062
Exploits: 3 | References: 3

NVD
added 2014/04/25 5:12 p.m., 11 views

CVE-2013-4723

Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx...

CVSS 5.8 | AI score 6.7 | EPSS 0.01971
Exploits: 3 | References: 3

Prion
added 2014/04/25 5:12 p.m., 10 views

Open redirect

Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx...

CVSS 5.8 | AI score 7.1 | EPSS 0.01971
Exploits: 3 | References: 3 | Affected Software: 1

Prion
added 2014/04/25 5:12 p.m., 8 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

CVSS 6.8 | AI score 7.7 | EPSS 0.01062
Exploits: 3 | References: 3 | Affected Software: 1

Prion
added 2014/04/25 5:12 p.m., 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter...

CVSS 4.3 | AI score 6.2 | EPSS 0.01854
Exploits: 3 | References: 3 | Affected Software: 1

Cvelist
added 2014/04/25 5:0 p.m., 26 views

CVE-2013-4723

Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx...

AI score 6.7 | EPSS 0.01971
Exploits: 3 | References: 3