EUVD-2012-2424

Malware in sbrugna...

AWCM 2.2 final - Local File Inclusion Vulnerability

No description provided by source. +Exploit Title: awcm v2.2 final Local File Inclusion +Date: 26-01-2011 +Author: Cucura , Ste@lth Bl@ckFalc0n +Software Link: www.awcm-cms.com +Version: v2.2 +CVE : - +Contact: BlackcucuraatGmail.com http://sourceforge.net/projects/awcm/files/...

AWCM 2.1 - Local File Inclusion / Auth Bypass Vulnerabilities

No description provided by source. ---------------------------------AWCM v2.1 LFI/Auth Bypass Vulnerabilities--------------------------------------- ---------------------------------------------------------------------------------------------------------------- Script : AWCM version : v2.1...

AWCM 2.2 Final - Persistent Cross Site Script Vulnerability

No description provided by source. Exploit Title: AWCM v2.2 final Persistent Cross Site Script Date: 13-02-2011 Author:84kur10 Software Link: www.awcm-cms.com Version: v2.2 CVE : Contact: 84kur10atgmail.com Greetz to: SLG all Members, D4nb4r, Naviterrible, J3h3s, C4br4...

AWCM Database Disclosure Vulnerability

No description provided by source. Subject:AWCM Date: 6/1/21010 Author: alnjm33 version:2.1 Tested on: version:2.1 download: http://awcm.sourceforge.net/ar/ Home:sec-war.comhttp://sec-war.com...

AWCM 2.1 final - Remote File Inclusion Vulnerability

No description provided by source...

AWCM CMS Local File Inclusion Vulnerability

No description provided by source. Software Link: http://www.awcm-cms.com/ Version: 2.x Tested on: Lunix Exploit : ?php print ------------------------------------------------------------ | Awcm Cms Local File Inclusion Vulnerability | By SwEET-DeViL | x0.rootatgmail.com | example | | Exploit.php...

CVE-2012-2437

cookiegen.php in ar web content manager AWCM 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter...

CVE-2012-2438

ar web content manager AWCM 2.2 does not restrict the number of comment records that can be submitted through HTTP requests, which allows remote attackers to cause a denial of service disk consumption via the coment parameter to 1 showvideo.php or 2 topic.php...

CVE-2012-2437

AWCM 2.2 contains an unauthenticated cookie forgery vulnerability in cookie_gen.php. An attacker can forge arbitrary cookies by supplying name and content parameters without authentication, as described in multiple sources (PoC shows requests like /awcm/cookie_gen.php?name=...&content=...). Root ...

CVE-2012-2438

AWCM 2.2 is vulnerable to an access-control flaw that lets unauthenticated attackers insert millions of comment records through the HTTP parameter com ent to show_video.php or topic.php, leading to disk consumption DoS. Root cause is lack of access protection for comment insertion. PoC examples e...

CVE-2012-2438

ar web content manager AWCM 2.2 does not restrict the number of comment records that can be submitted through HTTP requests, which allows remote attackers to cause a denial of service disk consumption via the coment parameter to 1 showvideo.php or 2 topic.php...

AWCM 2.2 Access Bypass Vulnerability

AWCM version 2.2 appears to suffer from cookie forgery and direct access vulnerabilities. Vulnerability Report AWCM 2.2 CVE-Candidate-ID: CVE-2012-2437, CVE-2012-2438 Issue: Access Control Bug in AWCM 2.2, Anyone can build the cookie and inserts DB records. Author: Sooel Son sonpostman at gmail d...

Vulnerability Report on AWCM 2.2

Vulnerability Report AWCM 2.2 CVE-Candidate-ID: CVE-2012-2437, CVE-2012-2438 Issue: Access Control Bug in AWCM 2.2, Anyone can build the cookie and inserts DB records. Author: Sooel Son sonpostman at gmail dot com Source Code: http://sourceforge.net/projects/awcm/ 1. Details: CVE-2012-2437 Withou...

AR Web Content Manager (AWCM) - cookie_gen.php Arbitrary Cookie Generation

AR Web Content Manager AWCM - cookiegen.php Arbitrary Cookie Generation source: https://www.securityfocus.com/bid/56465/info AWCM is prone to an authentication-bypass and multiple security-bypass vulnerabilities. Attackers can exploit these vulnerabilities to bypass certain security restrictions,...

AR Web Content Manager (AWCM) - 'cookie_gen.php' Arbitrary Cookie Generation

source: https://www.securityfocus.com/bid/56465/info AWCM is prone to an authentication-bypass and multiple security-bypass vulnerabilities. Attackers can exploit these vulnerabilities to bypass certain security restrictions, perform unauthorized actions; which may aid in further attacks. AWCM 2....

AWCM 2.2 LFI

Local file include vulnerability in AWCM awcmlang cookie parameter Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...

CVE-2010-4810

Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager AWCM 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the themefile parameter to 1 includes/windowtop.php and 2 header.php, and the 3 langfile parameter to control/common.php...

CVE-2010-4810

CVE-2010-4810 affects AR Web Content Manager (AWCM) with multiple remote file include vulnerabilities. Public details show that AWCM versions around 2.1 final (and up to 2.2 per OpenVAS) are vulnerable to RFI via theme_file parameters to includes/window_top.php and header.php, and lang_file param...

CVE-2011-1668

CVE-2011-1668 affects AR Web Content Manager (AWCM) via a cross-site scripting vulnerability in the AWCM input surface, specifically the search.php parameter. Concrete details from connected documents show AWCM versions 2.1/2.2 (and possibly others) are vulnerable to remote injection of arbitrary...