Lucene search
K

12 matches found

Prion
Prion
added 2014/06/06 2:55 p.m.16 views

Session fixation

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

5CVSS7.1AI score0.01173EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2014/06/06 2:0 p.m.40 views

CVE-2013-4728

CVE-2013-4728 affects DDSN Interactive cm3 Acora CMS versions such as 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 (and possibly others). The vulnerability allows remote attackers to obtain sensitive information via a crafted .. (dot dot) in the l parameter, which reveals the installation path in a...

5CVSS6.3AI score0.01173EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2014/06/06 2:0 p.m.27 views

CVE-2013-4725

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

6.6AI score0.01173EPSS
Exploits2References2
CVE
CVE
added 2014/06/06 2:0 p.m.41 views

CVE-2013-4725

CVE-2013-4725 affects DDSN Interactive cm3 Acora CMS versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 (and possibly others). Description: the CMS does not set the Secure flag on an unspecified cookie in HTTPS sessions, allowing an attacker to capture the cookie by intercepting its transmission...

5CVSS6.8AI score0.01173EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2014/06/06 2:0 p.m.42 views

CVE-2013-4724

CVE-2013-4724 affects DDSN Interactive cm3 Acora CMS versions including 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 (and possibly others). The issue is failure to set the HTTPOnly flag on a Set-Cookie header for an unspecified cookie, potentially allowing remote attackers to access sensitive cooki...

5CVSS6.3AI score0.01173EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2014/04/25 5:12 p.m.15 views

CVE-2013-4726

Cross-site request forgery CSRF vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

6.8CVSS7.1AI score0.01062EPSS
Exploits3References3
NVD
NVD
added 2014/04/25 5:12 p.m.13 views

CVE-2013-4723

Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx...

5.8CVSS6.7AI score0.01971EPSS
Exploits3References3
Prion
Prion
added 2014/04/25 5:12 p.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the 1 username, 2 url, 3 qstr parameter...

4.3CVSS6.2AI score0.01854EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2014/04/25 5:0 p.m.34 views

CVE-2013-4722

Multiple cross-site scripting XSS vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the 1 username, 2 url, 3 qstr parameter...

5.8AI score0.01854EPSS
Exploits3References3
Cvelist
Cvelist
added 2014/04/25 5:0 p.m.16 views

CVE-2013-4726

Cross-site request forgery CSRF vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

7.1AI score0.01062EPSS
Exploits3References3
CVE
CVE
added 2014/04/25 5:0 p.m.56 views

CVE-2013-4722

CVE-2013-4722 affects Acora CMS (DDSN cm3 Acora CMS) prior to or within versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1. The vulnerability is a reflected cross-site scripting (XSS) in Admin/login/default.asp caused by insufficient input validation and lack of output escaping for parameters us...

4.3CVSS5.9AI score0.01854EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2014/04/25 5:0 p.m.38 views

CVE-2013-4726

CVE-2013-4726 concerns Acora CMS (CM3 AcoraCMS) in DDSN Interactive, affected versions include 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 (and possibly others). The description states a Cross-site request forgery (CSRF) vulnerability that allows remote attackers to hijack the authentication of un...

6.8CVSS7.3AI score0.01062EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder