33 matches found
CVE-2009-3803
Multiple cross-site scripting XSS vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the statusmessage parameter to 1 /news, 2 /comment, 3 /forum, 4 /blog, and 5 /tags; the statusmessage parameter to 6 forum.php, 7 discussion.php, 8...
CVE-2009-3803
CVE-2009-3803 affects Amiro.CMS 5.4.0.0 and earlier, with multiple cross-site scripting (XSS) vulnerabilities. The root cause is improper handling of user-supplied content in the status_message parameter across numerous front-end paths (including /news, /comment, /forum, /blog, /tags) and admin p...
CVE-2009-3802
CVE-2009-3802 affects Amiro.CMS 5.4.0.0 and earlier. The issue stems from an invalid loginname value ("%%%") to _admin/index.php which causes an error message that reveals the installation path and other information, enabling partial information disclosure. The NVD entry lists a Medium severity (...
CVE-2009-3802
Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname "%%%" to admin/index.php, which reveals the installation path and other information in an error message...
Amiro.CMS 5.4.0.0 Root Folder Disclosure
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ONSEC-09-005 Amiro.CMS root folder disclosure Objective: Amiro CMS = 5.4.0.0 Type: Disclosure of ways Threat: Medium Date Discovered: 01.07.2009 Date of notification Developer: 01.07.2009...
Amiro.CMS 5.4.0.0 Cross Site Scripting
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ONSEC-09-004 Amiro.CMS Multiple XSS Objective: Amiro = 5.4.0.0 Type: Cross-site scripting Threat: Medium Date Discovered: 01.07.2009 Date of notification Developer: 01.07.2009 Released fixes:...
Amiro.CMS <= 5.4.0.0 xss
Exploit for unknown platform in category web applications ======================== Amiro.CMS = 5.4.0.0 xss ======================== ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ONSEC-09-004 Amiro.CMS Multiple XSS Objective: Amiro = 5.4.0...
Amiro.CMS <= 5.4.0.0 folder disclosure
Exploit for unknown platform in category web applications ====================================== Amiro.CMS = 5.4.0.0 folder disclosure ====================================== ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ONSEC-09-005...
Amiro.CMS 5.4 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/42430/info Amiro.CMS is prone to multiple input-validation vulnerabilities including multiple cross-site scripting issues, an HTML-injection issue, and an information-disclosure issue. An attacker may leverage the issues to execute arbitrary script code i...
[ONSEC-09-004] Amiro.CMS Multiple XSS
http://onsec.ru/vuln?id=11 ONSEC-09-004 Amiro.CMS Multiple XSS Цель: Amiro = 5.4.0.0 Тип: Межсайтовый скриптинг Угроза: Средняя Дата обнаружения: 01.07.2009 Дата оповещения разработчика: 01.07.2009 Дата выхода исправления: 06.10.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec do...
Amiro.CMS <= 5.4.0.0 xss
No description provided by source. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ONSEC-09-004 Amiro.CMS Multiple XSS Objective: Amiro = 5.4.0.0 Type: Cross-site scripting Threat: Medium Date Discovered: 01.07.2009 Date of notification...
[ONSEC-09-005] Amiro.CMS root folder disclosure
http://onsec.ru/vuln?id=12 ONSEC-09-005 Amiro.CMS root folder disclosure Цель: Amiro CMS = 5.4.0.0 Тип: Раскрытие путей Угроза: Средняя Дата обнаружения: 01.07.2009 Дата оповещения разработчика: 01.07.2009 Дата выхода исправления: 06.10.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group...
Amiro.CMS 5.4.0.0 - Path Disclosure
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ONSEC-09-005 Amiro.CMS root folder disclosure Objective: Amiro CMS = 5.4.0.0 Type: Disclosure of ways Threat: Medium Date Discovered: 01.07.2009 Date of notification Developer: 01.07.2009...