171 matches found
kitForm CRM Extension 0.43 - 'sorter.ph?sorter_value' SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Happy easter.. Product: phpManufaktur / kitForm Version: query$SQL; 3. Exploit 1. import httplib2, socks, urllib 2. 3. Change these values 4. target = "http://fbi.gov" 5. SQLi = "or 1=1 " 6. torhttpp...
Websitebaker Concert Calendar 2.1.4 XSS / SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Websitebaker Add-on 'Concert Calendar 2.1.4' XSS & SQLi vulnerability Advisory ID: SSCHADV2013-001 Author: Stefan Schurtz Affected Software: Successfully tested on Concert Calendar 2.1.4 Vendor URL:...
WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities
WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities Advisory: Websitebaker Add-on 'Concert Calendar 2.1.4' XSS & SQLi vulnerability Advisory ID: SSCHADV2013-001 Author: Stefan Schurtz Affected Software: Successfully tested on Concert Calendar 2.1.4 Vendor URL:...
Websitebaker Add-on Concert Calendar 2.1.4 Multiple Vulnerabilities
Exploit for php platform in category web applications Advisory: Websitebaker Add-on 'Concert Calendar 2.1.4' XSS & SQLi vulnerability Advisory ID: SSCHADV2013-001 Author: Stefan Schurtz Affected Software: Successfully tested on Concert Calendar 2.1.4 Vendor URL:...
WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities
Advisory: Websitebaker Add-on 'Concert Calendar 2.1.4' XSS & SQLi vulnerability Advisory ID: SSCHADV2013-001 Author: Stefan Schurtz Affected Software: Successfully tested on Concert Calendar 2.1.4 Vendor URL: http://addons.websitebaker2.org/pages/en/browse-add-ons.php?id=0E8BC37 Vendor Status:...
Websitebaker XSS Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability
Advisory: WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability Advisory ID: SSCHADV2012-003 Author: Stefan Schurtz Affected Software: Successfully tested on WebsiteBaker 2.8.2 SP2 Vendor URL: www.websitebaker2.org Vendor Status: fixed ========================== Vulnerability Description...
WebsiteBaker 2.8.2 Cross Site Scripting
Advisory: WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability Advisory ID: SSCHADV2012-003 Author: Stefan Schurtz Affected Software: Successfully tested on WebsiteBaker 2.8.2 SP2 Vendor URL: www.websitebaker2.org Vendor Status: fixed ========================== Vulnerability Description...
CVE-2011-3385
Cross-site scripting XSS vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307...
Cross site scripting
Cross-site scripting XSS vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307...
CVE-2011-3385
The CVE-2011-3385 entry concerns WebsiteBaker before version 2.8 (used in LEPTON and possibly other products). The vulnerability is described as a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via unknown vectors; no explicit root cause or aff...
CVE-2011-3385
Cross-site scripting XSS vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307...
WebsiteBaker vulnerable to cross-site scripting
Overview WebsiteBaker contains a cross-site scripting vulnerability. WebsiteBaker is a content management system CMS. WebsiteBaker contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#02134508: WebsiteBaker vulnerable to cross-site scripting
WebsiteBaker is a content management system CMS. WebsiteBaker contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to Lepton CMS according to the information provided by the developer. Products...
WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability
OVERVIEW WebsiteBaker 2.8.1 and lower versions are vulnerable to Arbitrary File Upload. 2. BACKGROUND WebsiteBaker helps you to create the website you want: A free, easy and secure, flexible and extensible open source content management system CMS. Create new templates within minutes - powered...
WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability
OVERVIEW WebsiteBaker 2.8.1 and lower versions are vulnerable to Cross Site Request Forgery CSRF. 2. BACKGROUND WebsiteBaker is a PHP-based Content Management System CMS designed with one goal in mind: to enable its users to produce websites with ease. 3. VULNERABILITY DESCRIPTION WebsiteBaker...
WebsiteBaker 2.8.1 Cross Site Request Forgery
OVERVIEW WebsiteBaker 2.8.1 and lower versions are vulnerable to Cross Site Request Forgery CSRF. 2. BACKGROUND WebsiteBaker is a PHP-based Content Management System CMS designed with one goal in mind: to enable its users to produce websites with ease. 3. VULNERABILITY DESCRIPTION WebsiteBaker...
WebsiteBaker 2.8.1 <= Multiple Vulnerabilities
Exploit for php platform in category web applications ============================================================ WebsiteBaker 2.8.1 = Arbitrary File Upload Vulnerability ============================================================ 1. OVERVIEW WebsiteBaker 2.8.1 and lower versions are vulnerable...
HTB22929: Multiple Path disclosure in WebsiteBaker
Vulnerability ID: HTB22929 Reference: http://www.htbridge.ch/advisory/multiplepathdisclosureinwebsitebaker.html Product: WebsiteBaker Vendor: Website Baker Org http://www.websitebaker2.org/ Vulnerable Version: 2.8.1 Vendor Notification: 29 March 2011 Vulnerability Type: Path disclosure Risk level...
HTB22928: Multiple SQL Injections in WebsiteBaker
Vulnerability ID: HTB22928 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectionsinwebsitebaker.html Product: WebsiteBaker Vendor: Website Baker Org http://www.websitebaker2.org/ Vulnerable Version: 2.8.1 Vendor Notification: 29 March 2011 Vulnerability Type: SQL Injection Risk level:...