11 matches found
EUVD-2012-4426
Malware in sbrugna...
EUVD-2012-2203
Malware in sbrugna...
CVE-2020-13978
Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=editchunk URI. NOTE: there is no indication that the Edit Chunk feature...
CVE-2020-13978
Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=editchunk URI. NOTE: there is no indication that the Edit Chunk...
Design/Logic Flaw
Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=editchunk URI. NOTE: there is no indication that the Edit Chunk...
CVE-2020-13978
Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=editchunk URI. NOTE: there is no indication that the Edit Chunk...
PT-2020-13814 · Monstra · Monstra Cms
Name of the Vulnerable Software and Affected Versions: Monstra CMS version 3.0.4. Description: The issue allows an attacker with administrative access to execute arbitrary OS commands via the Theme Module by visiting the "admin/index.php?id=themes&action=editchunk" URI. This is achieved by...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languagesnew module, or (3) theme parameter in the theme modu...
CVE-2012-2209
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languagesnew module, or (3) theme parameter in the theme modu...
CVE-2009-0818
Cross-site scripting (XSS) vulnerability in the taxonomythemeadmintablebuilder function (taxonomythemeadmin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is...
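Drupal Taxonomy Theme module name parameter HTML injection vulnerability
BUGTRAQ ID: 33923 The Taxonomy Theme module for Drupal allows site administrators to change the theme of specified content based on taxonomy, vocabulary, or content type. The taxonomythemeadmintablebuilder function of the Taxonomy Theme module does not properly check user-supplied input. At line 388 of taxonomythemeadmin.inc: $form'table'$item-$data'key''title' = array'value' = $item-name; Because the $item-name value is not filtered with checkplain or a similar function, users with the administer...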