295 matches found
CakePHP 1.1.7.3363 Vendors.PHP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20150/info CakePHP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable syst...
SecurityComponent cross form submission issue
More info at https://bakery.cakephp.org/2014/04/29/CakePHP-1-3-18-and-2-4-8-released.html...
CakePHP AssetDispatcher Local File Inclusion Vulnerability
CVE Number: N/A not assigned Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8 prior versions may also be affected Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.8 & 2.2.9 was released which...
mooSocial 1.3 - Multiple Vulnerabilities
Exploit Title: mooSocial 1.3 - Multiple Vulnerabilities Official site: http://www.moosocial.com Risk Level: High Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 22/08/2013 OVERVIEW: mooSocial is a social networking script built on top of CakePHP 2...
mooSocial 1.3 - Multiple Vulnerabilities
mooSocial 1.3 - Multiple Vulnerabilities Exploit Title: mooSocial 1.3 - Multiple Vulnerabilities Official site: http://www.moosocial.com Risk Level: High Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 22/08/2013 OVERVIEW: mooSocial is a social...
mooSocial 1.3 Cross Site Scripting / Local File Inclusion Vulnerability
mooSocial version 1.3 suffers from cross site scripting and local file inclusion vulnerabilities. Exploit Title: mooSocial 1.3 - Multiple Vulnerabilities Official site: http://www.moosocial.com Risk Level: High Demo : http://demo.moosocial.com Exploit Author: Esac Homepage author : www.iss4m.ma La...
mooSocial 1.3 Cross Site Scripting / Local File Inclusion
Exploit Title: mooSocial 1.3 - Multiple Vulnerabilities Official site: http://www.moosocial.com Risk Level: High Demo : http://demo.moosocial.com Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 22/08/2013 OVERVIEW: mooSocial is a social networking...
CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion
source: https://www.securityfocus.com/bid/61746/info CakePHP is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files or execute arbitrary script code in the context of the web server...
CakePHP 2.3.7 / 2.2.8 Local File Inclusion
CVE Number: N/A not assigned Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8 prior versions may also be affected Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.8 & 2.2.9 was released which...
CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion
CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion source: https://www.securityfocus.com/bid/61746/info CakePHP is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files or...
CVE-2012-4399
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack...
XXE
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack...
CVE-2012-4399
The CVE-2012-4399 issue affects CakePHP’s Xml class: versions 2.1.x prior to 2.1.5 and 2.2.x prior to 2.2.1 are vulnerable to an XML external entity (XXE) injection that lets remote attackers read arbitrary files via XML data containing external entity references. Root cause is improper handling ...
PT-2012-5373 · Cakephp · Cakephp
Name of the Vulnerable Software and Affected Versions: CakePHP versions 2.1.x through 2.1.4 CakePHP versions 2.2.x through 2.2.0 Description: The issue allows remote attackers to read arbitrary files via XML data containing external entity references, specifically through an XML external entity X...
XXE Injection in CakePHP and Squiz CMS
Hello! I'll give you additional information concerning advisories CakePHP 2.x-2.2.0-RC2 XXE Injection http://securityvulns.ru/docs28331.html and Squiz CMS Multiple Vulnerabilities http://securityvulns.ru/docs28220.html. It's about XXE Injection in CakePHP and Squiz CMS. Similarly to earlier...
CakePHP / Squiz CMS XXE Injection
Hello! I'll give you additional information concerning advisories CakePHP 2.x-2.2.0-RC2 XXE Injection http://securityvulns.ru/docs28331.html and Squiz CMS Multiple Vulnerabilities http://securityvulns.ru/docs28220.html. It's about XXE Injection in CakePHP and Squiz CMS. Similarly to earlier...