24 matches found
EUVD-2010-3908
Malware in sbrugna...
EUVD-2010-1455
Malware in sbrugna...
EUVD-2010-3907
Malware in sbrugna...
Evolution 1.1 and Prior Remote Execution
Product: MODX Evolution Risk: Very High Severity: Critical Versions: <=1.1 Vulnerability Type: Remote Code Execution Report Date: 2016-November-08 Fixed Date: 2016-November-12 Description The following components distributed with all versions of MODX Evolution and 0.9.x contain a vulnerability, th...
modx cms 0.9.6.1 - Multiple Vulnerabilities
No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title: MODx CMS Vulnerabilities Vendor: http://modxcms.com Bugs: Source code disclosure, local file inclusion Vulnerable Version: 0.9.6.1 (prior versions also may be affected) Exploitation: Remote with browser Fix...
Important Update to AjaxSearch Exploit in Evo 1.0.13 (and prior)
Last week we announced an exploit found in AjaxSearch that could allow a Remote Code Execution in MODX Evolution. We originally suggested the removal of the index-ajax.php file was a sufficient method to protect your site from vulnerability. It has come to our attention that this was not correct...
MODX Evolution 1.0.13 (and prior) AjaxSearch Vulnerability
Product: MODX Evolution Risk: Very High Severity: Critical Versions: <=1.0.13 Vulnerability Type: Remote Code Execution Report Date: 2014-May-29 Fixed Date: 2014-June-5 Description The AjaxSearch component distributed with all versions of MODX Evolution and 0.9.x contains a vulnerability that allow...
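tipask Q&A System 2.0 Time-Based Blind SQL Injection Vulnerability
Brief description: Actually, I'm just here to pay homage to 猪头子. Details: For the part about the get/post checks, mainly see the write-up by the expert 猪头子: WooYun: tipask Q&A System 2.0 ajaxsearch double-encoding injection vulnerability /model/question.php function ontag() { $tag = urldecode($this->get['2']); // double-encoding bypass //echo $tag; $encodeword = urlencode($tag); $navtitle = $tag . '-标签搜索'; $qstatus = $status = intval($this->get[3]); !$status && $qstatu...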
CVE-2010-3929
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch...
CVE-2010-3930
Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427...
SQL injection
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch...
Directory traversal
Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427...
CVE-2010-3929
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch...
CVE-2010-3930
The CVE-2010-3930 issue affects MODx Evolution 1.0.4 and earlier, described as a directory traversal vulnerability related to AjaxSearch. Connected sources confirm a vulnerable component: the ucfg parameter handling in assets/snippets/ajaxSearch/ajaxSearchPopup.php allows a remote attacker to rea...
CVE-2010-3929
CVE-2010-3929 affects MODx Evolution up to version 1.0.4. The connected sources confirm a SQL injection vulnerability in AjaxSearch that allows a remote attacker to execute arbitrary SQL commands, leading to potential arbitrary PHP code execution per JVN entries. Impact is described as remote code ...
CVE-2010-1427
Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch...
CVE-2010-1427
Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch...
CVE-2008-0094
Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read...
Directory traversal
Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read...