11 matches found
EUVD-2015-1735
Malware in sbrugna...
EUVD-2015-1734
Malware in sbrugna...
Adminsystems CMS Multiple Vulnerabilities
Adminsystems CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Multiple Cross-Site Scripting Vulnerabilities in Landsknecht Adminsystems CMS
Landsknecht Adminsystems CMS is a content management system. A cross-site scripting vulnerability exists in Landsknecht Adminsystems CMS, which allows attackers to exploit the vulnerability to obtain sensitive information and hijack sessions...
CVE-2015-1603
Multiple cross-site scripting XSS vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 page parameter to index.php or 2 id parameter in a usersusers action to asys/site/system.php...
Unrestricted file upload
Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 page parameter to index.php or 2 id parameter in a usersusers action to asys/site/system.php...
CVE-2015-1603
Adminsystems CMS is affected by multiple XSS flaws in versions before 4.0.2, exploitable via the page parameter to index.php or the id parameter in a users_users action to asys/site/system.php. The CVE-2015-1603 entry corresponds to these XSS issues (CVSSv2 base 4.3, Medium). Remediation is to up...
CVE-2015-1604
Adminsystems CMS (asys) is affected by CVE-2015-1604: an unrestricted file upload in asys/site/files.php prior to 4.0.2 lets remote authenticated users upload a file with an executable extension and access it via upload/files/, enabling arbitrary code execution. CVSS v2 base score 6.5 (Partial im...
CVE-2015-1603
Multiple cross-site scripting XSS vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 page parameter to index.php or 2 id parameter in a usersusers action to asys/site/system.php...
CVE-2015-1604
Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/...