Lucene search
+L

6 matches found

nvd
nvd
added 2011/12/15 3:57 a.m.23 views

CVE-2011-4828

Unrestricted file upload vulnerability in includes/inlineimageupload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/...

7.5CVSS7.6AI score0.65485EPSS
Exploits6References5
prion
prion
added 2011/12/15 3:57 a.m.17 views

Sql injection

SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information...

6.8CVSS9AI score0.01203EPSS
Exploits1References3Affected Software1
prion
prion
added 2011/12/15 3:57 a.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 p parameter to redirect.php and 2 box parameter to includes/TrueColorPicker/index.php, which is not properly handled in...

4.3CVSS6.1AI score0.01179EPSS
Exploits1References3Affected Software1
prion
prion
added 2011/12/15 3:57 a.m.13 views

Unrestricted file upload

Unrestricted file upload vulnerability in includes/inlineimageupload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/...

7.5CVSS8.2AI score0.65485EPSS
Exploits6References5Affected Software1
cve
cve
added 2011/12/15 2:0 a.m.51 views

CVE-2011-4826

CVE-2011-4826 affects AutoSec Tools V-CMS 1.0. The vulnerability is an SQL injection in session.php exploitable via the user parameter to process.php, enabling remote attackers to execute arbitrary SQL commands. Multiple connected sources corroborate this flaw (including Red Hat, NVD, and OpenVAS...

6.8CVSS8.6AI score0.01203EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2011/12/15 2:0 a.m.24 views

CVE-2011-4827

Multiple cross-site scripting XSS vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 p parameter to redirect.php and 2 box parameter to includes/TrueColorPicker/index.php, which is not properly handled in...

5.8AI score0.01179EPSS
Exploits1References3
Rows per page
Query Builder