197 matches found
Engine by Avatarus Simple CMS - SQL Injection Vulnerability
Document Title: =============== Engine by Avatarus Simple CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=388 Release Date: ============= 2012-01-18 Vulnerability Laboratory ID VL-ID: ====================================...
HTB23010: Multiple XSS & Local File Inclusion in Free Simple CMS
Vulnerability ID: HTB23010 Reference: http://www.htbridge.ch/advisory/multiplexssinfreesimplecms.html Product: Free Simple CMS Vendor: Dustin Cowell Enterprises http://www.freesimplesoft.com/ Vulnerable Version: 1.0 and probably prior Tested on: 1.0 Vendor Notification: 25 May 2011 Vulnerability...
Free Simple CMS 1.0 Cross Site Scripting / Local File Inclusion
Vulnerability ID: HTB23010 Reference: http://www.htbridge.ch/advisory/multiplexssinfreesimplecms.html Product: Free Simple CMS Vendor: Dustin Cowell Enterprises http://www.freesimplesoft.com/ Vulnerable Version: 1.0 and probably prior Tested on: 1.0 Vendor Notification: 25 May 2011 Vulnerability...
Free Simple CMS 1.0 Multiple Vulnerabilities
Exploit for php platform in category web applications Product: Free Simple CMS Vendor: Dustin Cowell Enterprises http://www.freesimplesoft.com/ Vulnerable Version: 1.0 and probably prior Tested on: 1.0 Vendor Notification: 25 May 2011 Vulnerability Type: XSS Cross Site Scripting, Local File...
Free Simple CMS 1.0 - Multiple Vulnerabilities
Free Simple CMS 1.0 - Multiple Vulnerabilities Vulnerability ID: HTB23010 Reference: http://www.htbridge.ch/advisory/multiplexssinfreesimplecms.html Product: Free Simple CMS Vendor: Dustin Cowell Enterprises http://www.freesimplesoft.com/ Vulnerable Version: 1.0 and probably prior Tested on: 1.0...
Free Simple CMS 1.0 - Multiple Vulnerabilities
Vulnerability ID: HTB23010 Reference: http://www.htbridge.ch/advisory/multiplexssinfreesimplecms.html Product: Free Simple CMS Vendor: Dustin Cowell Enterprises http://www.freesimplesoft.com/ Vulnerable Version: 1.0 and probably prior Tested on: 1.0 Vendor Notification: 25 May 2011 Vulnerability...
Multiple Vulnerabilities in Free Simple CMS
High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in Free Simple CMS which could be exploited to perform cross-site scripting attacks and compromise vulnerable system. 1 Cross-site scripting XSS vulnerabilities in Free Simple CMS 1.1 The vulnerability exists due to input...
CVE-2010-3742
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the 1 meta or 2 phpincdir parameter, a different issue than CVE-2010-3307...
CVE-2010-3307
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 body, 2 footer, 3 header, 4 menuleft, or 5 menuright parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 body, 2 footer, 3 header, 4 menuleft, or 5 menuright parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the 1 meta or 2 phpincdir parameter, a different issue than CVE-2010-3307...
CVE-2010-3742
CVE-2010-3742 describes multiple PHP remote file inclusion vulnerabilities in Free Simple CMS 1.0, specifically in themes/default/index.php. The underlying issue allows an attacker to cause arbitrary PHP code execution by supplying a URL in the (1) meta or (2) phpincdir parameter, as reported (di...
CVE-2010-3307
CVE-2010-3307 involves multiple PHP remote file inclusion vulnerabilities in the Free Simple CMS 1.0 (and earlier). The issue arises in the themes/default/index.php file, where a URL provided in the following parameters can be used to include remote code: body, footer, header, menu_left, and menu...
[oCERT-2010-003] Free Simple CMS path sanitization errors
2010-003 Free Simple CMS path sanitization errors Description: Free Simple CMS, an open source content management system, suffers from remote file inclusion vulnerabilities. Insufficient path sanitization on several query string parameters leads to inclusion of arbitrary files from remote sources...
Simple CMS Framework 1.0 - page SQL Injection
Simple CMS Framework 1.0 - page SQL Injection ============================================================================== Hackteach.OrG / / / || |/ | / | | / | / / / | / / | / / / / | / | | / / / /| | / /\ // ============================================================================== »...
Really Simple CMS 0.3a (pagecontent.php PT) Local File Inclusion Vuln
Exploit for unknown platform in category web applications ============================================================================== Really Simple CMS 0.3a pagecontent.php PT Local File Inclusion Vulnerability ============================================================================== +...
Really Simple CMS 0.3a - 'PT' Local File Inclusion
Really Simple CMS 0.3a pagecontent.php PT Local File Inclusion Vulnerability + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Download : http://sourceforge.net/projects/rscms/ + Local File Inclusion - Vulnerable code in plugings/pagecontent.php...
CMS Made Simple 1.4.1 Local File Inclusion Vulnerability
No description provided by source. Type: Directory Traversal vulnerability Unix tested / Root privileges escalation Vendor: CMS Made Simple Software: CMS Made Simple 1.4.1 "Spring Garden" and probably others ... Author: M4ck-h@cK Date 29.11.2008 Home: sweet home contact: no, thx : Exploit: Demo: ...
CVE-2008-5058
SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information...
Sql injection
SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information...