468 matches found
CVE-2006-3935
system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers...
CVE-2006-3934
Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter...
CVE-2006-3936
system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp...
CVE-2006-3933
Alkacon OpenCms prior to 6.2.2 is affected by a Cross-site Scripting (XSS) vulnerability: remote authenticated users can inject arbitrary web script or HTML via the message body. The vulnerability is documented under CVE-2006-3933 with OpenCms 6.2.2 as the referenced fixed release in t...
CVE-2006-3933
Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body...
CVE-2006-3934
Affected software: Alkacon OpenCms prior to 6.2.2. Vulnerability: Absolute path traversal in downloadTrigger.jsp via the filePath parameter, allowing remote authenticated users to download arbitrary files. Root cause: improper handling/validation of absolute pathnames in filePath. Impact: pot...
CVE-2006-3935
Alkacon OpenCms before 6.2.2 has improper access control in system/workplace/views/admin/admin-main.jsp, allowing remote authenticated users to perform six admin actions (broadcast messages, list users, add webusers, upload import/export files, upload modules, read the log file) by manipulating t...
CVE-2006-3936
Alkacon OpenCms is affected by a JSP source disclosure in system/workplace/editors/editor.jsp prior to version 6.2.2. The vulnerability allows an authenticated user to read the source code of arbitrary JSP files by supplying the file path via the resource parameter (demonstrated with index.jsp). ...
OpenCMS_multiple_vulnerabilities.txt
Multiple access control and input validation vulnerabilities in OpenCMS Open Source Website Content Management System 0. ORIGINAL ADVISORY http://o0o.nu/meder/OpenCMSmultiplevulnerabilities.txt I. BACKGROUND OpenCms is a professional level Open Source Website Content Management System. OpenCms...
Multiple vulnerabilities in OpenCMS
Multiple access control and input validation vulnerabilities in OpenCMS Open Source Website Content Management System 0. ORIGINAL ADVISORY http://o0o.nu/meder/OpenCMSmultiplevulnerabilities.txt I. BACKGROUND OpenCms is a professional level Open Source Website Content Management System. OpenCms...
OpenCms < 6.2.2 Multiple Vulnerabilities
The remote host is running OpenCms, a Java-based content management system. According to its banner, the version of OpenCms installed on the remote host reportedly allows authenticated users to upload OpenCms modules and database import/export files, download arbitrary files, send messages to all...
OpenCms < 6.2.2 Authentication Bypass
Binary data 3693.prm...
OpenCMS 6.0/6.2 - Multiple Unauthorized Access Vulnerabilities
OpenCMS 6.0/6.2 - Multiple Unauthorized Access Vulnerabilities source: https://www.securityfocus.com/bid/19174/info OpenCMS is prone to multiple unauthorized-access vulnerabilities because it fails to properly authenticate users when performing administrative tasks. An attacker can exploit these...
OpenCMS 6.0/6.2 - Multiple Unauthorized Access Vulnerabilities
source: https://www.securityfocus.com/bid/19174/info OpenCMS is prone to multiple unauthorized-access vulnerabilities because it fails to properly authenticate users when performing administrative tasks. An attacker can exploit these issues to view, delete, and modify application data. This could...
[MajorSecurity #11]OpenCMS<= 6.2.1 - XSS
[MajorSecurity #11] OpenCMS <= 6.2.1 - XSS ------------------------------------------ Software: OpenCMS Version: <= 6.2.1 Type: Cross site scripting Date: June, 10th 2006 Vendor: Alkacon Software GmbH Page: http://www.alkacon.com http://www.opencms.org/opencms/en/ Credits: ----------------------------...
OpenCms version 6.0.x Xml Content Demo search engine Cross site scripting
Version: Tested on: - 6.0.0 - 6.0.2 - 6.0.3 Discovered by: jaime.blascoateazeldot.es http://www.eazel.es Description: Input passed to the search query in the Xml Content Demo search engine isn't properly sanitised. This can be exploited to conduct cross-site scripting attacks. Example:...
CVE-2006-2571
Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action...
Cross site scripting
Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action...
CVE-2006-2571
The CVE-2006-2571 entry refers to an XSS vulnerability in Alkacon OpenCms (versions 6.0.0, 6.0.2, 6.0.3) where arbitrary web script/HTML can be injected through the query parameter in a search action on search.html. This is triggered remotely via the vulnerable search feature, enabling script exe...