24 matches found
EUVD-2009-3201
Malware in sbrugna...
EUVD-2011-0915
Malware in sbrugna...
EUVD-2009-3202
Malware in sbrugna...
EUVD-2010-4775
Malware in sbrugna...
EUVD-2011-1668
Malware in sbrugna...
EUVD-2010-1098
Malware in sbrugna...
CVE-2012-2437
AWCM 2.2 contains an unauthenticated cookie forgery vulnerability in cookie_gen.php. An attacker can forge arbitrary cookies by supplying name and content parameters without authentication, as described in multiple sources (PoC shows requests like /awcm/cookie_gen.php?name=...&content=...). Root ...
CVE-2010-4810
Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager AWCM 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the themefile parameter to 1 includes/windowtop.php and 2 header.php, and the 3 langfile parameter to control/common.php...
CVE-2010-4810
Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager AWCM 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the themefile parameter to 1 includes/windowtop.php and 2 header.php, and the 3 langfile parameter to control/common.php...
CVE-2010-4810
CVE-2010-4810 affects AR Web Content Manager (AWCM) with multiple remote file include vulnerabilities. Public details show that AWCM versions around 2.1 final (and up to 2.2 per OpenVAS) are vulnerable to RFI via theme_file parameters to includes/window_top.php and header.php, and lang_file param...
AR Web Content Manager (AWCM) 'search.php' Cross Site Scripting Vulnerability
AR Web Content Manager AWCM is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2011-1668
Cross-site scripting XSS vulnerability in search.php in AR Web Content Manager AWCM 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in search.php in AR Web Content Manager AWCM 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2011-1668
Cross-site scripting XSS vulnerability in search.php in AR Web Content Manager AWCM 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter...
AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability
AR Web Content Manager AWCM v2.2 Cross-Site scripting Vulnerability SecPod Technologies www.secpod.com Author: Antu Sanadi SecPod ID: 1012 21/03/2011 Issue Discovered 24/03/2011 Vendor Notified 24/03/2011 Vendor Responded 25/03/2011 Vendor Solution Class: Cross-Site Scripting Severity: Medium...
CVE-2011-0903
Multiple directory traversal vulnerabilities in AR Web Content Manager AWCM 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. dot dot in the 1 awcmtheme or 2 awcmlang cookie to a index.php or b header.php...
Directory traversal
Multiple directory traversal vulnerabilities in AR Web Content Manager AWCM 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. dot dot in the 1 awcmtheme or 2 awcmlang cookie to a index.php or b header.php...
CVE-2011-0903
Multiple directory traversal vulnerabilities in AR Web Content Manager AWCM 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. dot dot in the 1 awcmtheme or 2 awcmlang cookie to a index.php or b header.php...
CVE-2011-0903
AR Web Content Manager (AWCM) 2.2 is affected by multiple directory traversal vulnerabilities that allow reading arbitrary files via a .. in the awcm_theme or awcm_lang cookie parameters when accessing index.php or header.php. The DSquare DSquare security entry characterizes this as a Local File ...
CVE-2010-1066
AR Web Content Manager AWCM 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/dbbackup.php...