113 matches found
CVE-2024-8651 Netcat CMS: user enumeration
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...
NetCat CMS 安全漏洞
NetCat CMS is a content management system from NetCat, Inc. A security vulnerability previously existed in NetCat CMS version 6.4.0.24248. An attacker could exploit the vulnerability to execute JavaScript code in a user's browser when the user visits a specific path on the site...
NetCat CMS 安全漏洞
NetCat CMS is a content management system from NetCat, Inc. A security vulnerability previously existed in NetCat CMS version 6.4.0.24248. An attacker could exploit the vulnerability to execute JavaScript code in a user's browser when the user visits a specific path on the site...
NetCat CMS 安全漏洞
NetCat CMS is a content management system from NetCat, Inc. A security vulnerability exists in NetCat CMS prior to version 6.4.0.24248. An attacker exploiting this vulnerability could send a specially crafted http request to check for the presence of a user on the system...
PT-2024-39150 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: NetCat CMS versions 6.4.0.24126.2 through 6.4.0.24247 Description: A vulnerability in NetCat CMS allows an attacker to send a specially crafted HTTP request to check whether a user exists in the system. This issue could be a basis for further...
PT-2024-39152 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: NetCat CMS versions 6.4.0.24126.2 through 6.4.0.24247 Description: A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue enables cross-site...
The vulnerability in the implementation of the get_component_fields method of the comments module in the Netcat CMS system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the getcomponentfields method in the comments module of the Netcat CMS system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information from...
The vulnerability of the netcat/message_fields.php file in the Netcat CMS system allows a intruder to gain unauthorized access to protected information.
The vulnerability of the netcat/messagefields.php file in the Netcat CMS system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information from the...
The vulnerability of the filemanager module in the CMS system Netcat, which allows a hacker to execute arbitrary JavaScript code
The vulnerability of the filemanager module in the CMS system Netcat is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute any JavaScript code in the user’s browser remotely...
The vulnerability in the implementation of the deleteComment method in the comments module of the CMS system Netcat allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the deleteComment method in the comments module of the CMS system Netcat is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to the protected information...
The vulnerability in the implementation of the subscribes_delete_confirm method of the comments module in the Netcat CMS system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the subscribesdeleteconfirm method in the comments module of the CMS system Netcat is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to the protected...
The vulnerability of the alter_form.php function in the Netcat CMS system allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the alterform.php function in the Netcat CMS system is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute any JavaScript code in the user’s browser remotely...
The vulnerability of the filemanager module in the CMS system Netcat, which allows a hacker to execute arbitrary JavaScript code
The vulnerability of the filemanager module in the CMS system Netcat exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
PT-2024-79: Reflected Cross-Site Scripting (XSS) in Netcat CMS (logging module)
The vulnerability was identified in Netcat logging module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-75: Time-based SQL Injection in Netcat CMS (module messaging)
The vulnerability was identified in Netcat CMS module messaging, version 6.4 Extra. The discovered vulnerability allows an attacker to read information from the database. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 20.08.2024 Recommendations: Update to version or...
PT-2024-81: Reflected Cross-Site Scripting (XSS) in Netcat CMS (landing module)
The vulnerability was identified in Netcat landing module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-91: Time-based SQL Injection in Netcat CMS
The vulnerability was identified in Netcat, version 6.4 Extra. The discovered vulnerability allows an attacker to read information from the database. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 20.08.2024 Recommendations: Update to version or higher Additional...
PT-2024-88: Cross-Site Request Forgery (CSRF) and Reflected Cross-Site Scripting (XSS) in Netcat CMS (module calendar)
The vulnerability was identified in Netcat CMS module calendar, version 6.4 Extra. The vulnerability is related to cross-site request forgery. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked...
PT-2024-84: Reflected Cross-Site Scripting (XSS) in Netcat CMS (netshop module)
The vulnerability was identified in Netcat netshop module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-92: Reflected Cross-Site Scripting (XSS) in Netcat CMS (filemanager module)
The vulnerability was identified in Netcat filemanager module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...