CakePHP 3.0.11 and 3.1.0-beta2 Released

CakePHP 3.0.11 and 3.1.0-beta2 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 3.0.11 and 3.1.0-beta2. These releases are a maintenance releases that contain bugfixes and fixes for security issues. Security Fixes There are two issues that can impact the...

Denial of Service attack through XML payloads

More info at https://bakery.cakephp.org/2015/05/28/cakephp266and306released.html...

CakePHP 2.6.6 and 3.0.6 Released

CakePHP 2.6.6 and 3.0.6 Released The CakePHP core team is ready to announce the immediate availability of CakePHP 2.6.6 and 3.0.6. These are maintenance releases that contain important security fixes. Security Fixes Earlier this week we were notified that RequestHandlerComponent had a vulnerabili...

CakePHP 3.0.4 Released

CakePHP 3.0.4 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 3.0.4. This is a maintenance release that contains security fixes and bugfixes. Security Fixes There are two issues that can impact the security of a CakePHP application: CsrfComponent fails to...

AdaptCMS 3.0.3 - Multiple Vulnerabilities

AdaptCMS 3.0.3 - Multiple Vulnerabilities !/usr/bin/env python AdaptCMS 3.0.3 Remote Command Execution Exploit Vendor: Insane Visions Product web page: http://www.adaptcms.com Affected version: 3.0.3 Summary: AdaptCMS is a Content Management System trying to be both simple and easy to use, as wel...

AdaptCMS 3.0.3 Cross Site Scripting

AdaptCMS 3.0.3 Multiple Persistent XSS Vulnerabilities Vendor: Insane Visions Product web page: http://www.adaptcms.com Affected version: 3.0.3 Summary: AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only so we can...

AdaptCMS 3.0.3 Remote Command Execution

!/usr/bin/env python AdaptCMS 3.0.3 Remote Command Execution Exploit Vendor: Insane Visions Product web page: http://www.adaptcms.com Affected version: 3.0.3 Summary: AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only s...

AdaptCMS 3.0.3 Remote Command Execution Exploit

Summary AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only so we can easily create Plugins or additions, but so other developers can get involved. Using CakePHP we are able to achieve this with a built-in plugin system...

AdaptCMS 3.0.3 HTTP Referer Header Open Redirect

AdaptCMS 3.0.3 HTTP Referer Header Field Open Redirect Vulnerability Vendor: Insane Visions Product web page: http://www.adaptcms.com Affected version: 3.0.3 Summary: AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only...

Croogo 2.0.0 - Arbitrary PHP Code Execution Exploit

No description provided by source. !/usr/bin/env python Croogo 2.0.0 Arbitrary PHP Code Execution Exploit Vendor: Fahad Ibnay Heylaal Product web page: http://www.croogo.org Affected version: 2.0.0 Summary: Croogo is a free, open source, content management system for PHP, released under The MIT...

Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities

------------------------ XSS 1 -------- POST parameters: - dataContacttitle ------------------------ input type="hidden" name="dataTokenkey" value="2627e9e204ad6b878db...

Croogo 2.0.0 - Arbitrary PHP Code Execution

Croogo 2.0.0 - Arbitrary PHP Code Execution !/usr/bin/env python Croogo 2.0.0 Arbitrary PHP Code Execution Exploit Vendor: Fahad Ibnay Heylaal Product web page: http://www.croogo.org Affected version: 2.0.0 Summary: Croogo is a free, open source, content management system for PHP, released under...

Croogo 2.0.0 Cross Site Scripting

------------------------ XSS 1 -------- POST parameters: - dataContacttitle ------------------------ input type="hidden" name="dataTokenkey" value="2627e9e2...

Croogo 2.0.0 Arbitrary PHP Code Execution

!/usr/bin/env python Croogo 2.0.0 Arbitrary PHP Code Execution Exploit Vendor: Fahad Ibnay Heylaal Product web page: http://www.croogo.org Affected version: 2.0.0 Summary: Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered by CakePHP MV...

Croogo 2.0.0 Multiple Stored XSS Vulnerabilities

Summary Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered by CakePHP MVC framework. Description Croogo version 2.0.0 suffers from multiple stored cross-site scripting vulnerabilities. Input passed to several POST parameters is not...

CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit

No description provided by source. $Id: cakephpcachecorruption.rb 11579 2011-01-14 16:25:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

CakePHP 2.x-2.2.0-RC2 XXE Injection

No description provided by source. Exploit title: CakePHP XXE injection Date: 01.07.2012 Software Link: http://www.cakephp.org Vulnerable version: 2.x - 2.2.0-RC2 Tested on: Windows and Linux Author: Pawel Wylecial http://h0wl.pl 1. Background Short description from the project website: CakePHP...

VamCart 0.9 CMS - Multiple Vulnerabilities

No description provided by source. Title: ====== VamCart v0.9 CMS - Multiple Web Vulnerabilities Date: ===== 2012-06-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=622 VL-ID: ===== 622 Common Vulnerability Scoring System: ==================================== 4...

mooSocial 1.3 - Multiple Vulnerabilites

No description provided by source. Exploit Title: mooSocial 1.3 - Multiple Vulnerabilites Official site: http://www.moosocial.com Risk Level: High Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 22/08/2013 +----------+ | OVERVIEW | +----------+ mooSocial is a social networking...

CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability

No description provided by source. Source: http://securityreason.com/securityalert/8026 CakePHP = 1.3.5 / 1.2.8 unserialize Vulnerability felix |at| malloc.im =========================================================================== ==== Overview: CakePHP is a rapid development framework for PH...