12 matches found
Session fixation
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...
CVE-2013-4728
CVE-2013-4728 affects DDSN Interactive cm3 Acora CMS versions such as 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 (and possibly others). The vulnerability allows remote attackers to obtain sensitive information via a crafted .. (dot dot) in the l parameter, which reveals the installation path in a...
CVE-2013-4725
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...
CVE-2013-4725
CVE-2013-4725 affects DDSN Interactive cm3 Acora CMS versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 (and possibly others). Description: the CMS does not set the Secure flag on an unspecified cookie in HTTPS sessions, allowing an attacker to capture the cookie by intercepting its transmission...
CVE-2013-4724
CVE-2013-4724 affects DDSN Interactive cm3 Acora CMS versions including 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 (and possibly others). The issue is failure to set the HTTPOnly flag on a Set-Cookie header for an unspecified cookie, potentially allowing remote attackers to access sensitive cooki...
CVE-2013-4726
Cross-site request forgery CSRF vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2013-4723
Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the 1 username, 2 url, 3 qstr parameter...
CVE-2013-4722
Multiple cross-site scripting XSS vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the 1 username, 2 url, 3 qstr parameter...
CVE-2013-4726
Cross-site request forgery CSRF vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2013-4722
CVE-2013-4722 affects Acora CMS (DDSN cm3 Acora CMS) prior to or within versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1. The vulnerability is a reflected cross-site scripting (XSS) in Admin/login/default.asp caused by insufficient input validation and lack of output escaping for parameters us...
CVE-2013-4726
CVE-2013-4726 concerns Acora CMS (CM3 AcoraCMS) in DDSN Interactive, affected versions include 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 (and possibly others). The description states a Cross-site request forgery (CSRF) vulnerability that allows remote attackers to hijack the authentication of un...