22 matches found
EUVD-2008-3908
Malware in sbrugna...
EUVD-2008-6129
Malware in sbrugna...
CVE-2009-2342
CVE-2009-2342 is an XSS in Content Management Made Easy (CMME) prior to 1.22, affecting admin.php (the login page). The vulnerability allows remote attackers to inject arbitrary scripts via the username field in the login form. Documents consistently describe the flaw as a cross-site scripting is...
CVE-2009-2342
Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field...
CVE-2008-6159
Content Management Made Easy (CMME) 1.19 allows remote attackers to obtain system information via a direct request to info.php, which invokes the phpinfo function...
CVE-2008-6159
Content Management Made Easy (CMME) 1.19 is affected by an information disclosure vulnerability where a direct request to info.php invokes phpinfo, allowing remote attackers to obtain system information. The flaw is triggered by accessing the info.php entry point, and the underlying cause is the ...
cmme-disclose.txt
WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: CMME Multiple Information disclosure vulnerabilities Vendor: http://cmme.oesterholt.net Bug: Information Disclosure Vulnerable Version: 1.19 prior versions also may be affected Exploitation: Remote with browser Exploi...
CMME Multiple Information disclosure vulnerabilities
WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: CMME Multiple Information disclosure vulnerabilities Vendor: http://cmme.oesterholt.net Bug: Information Disclosure Vulnerable Version: 1.19 prior versions also may be affected Exploitation: Remote with browser Exploi...
Improper access control
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for a backup/cmmedata.zip or b...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action...
CVE-2008-3925
Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action...
CVE-2008-3923
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action...
CVE-2008-3924
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for a backup/cmmedata.zip or b...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action...
CVE-2008-3925
CSRF in Content Management Made Easy (CMME) 1.12 affects admin.php, enabling a remote attacker to trigger logout of an administrative user via a logout action. The connected CVE/DOCs confirm the vulnerability and affected component but do not provide a patch version or mitigation steps within the...
CVE-2008-3924
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for a backup/cmmedata.zip or b...
CVE-2008-3923
CVE-2008-3923 affects Content Management Made Easy (CMME) 1.12. The vulnerability is a set of cross-site scripting (XSS) flaws in statistics.php, exploitable via the hstat_year action through the page and year parameters. The underlying cause is improper input handling/sanitization of these param...
CVE-2008-3926
Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action ...
CVE-2008-3926
CVE-2008-3926 affects Content Management Made Easy (CMME) 1.12. Two directory traversal flaws allow remote attackers to exploit the env parameter in the weblog action to index.php (read arbitrary files) or in the login action to admin.php (create arbitrary directories). The underlying issue is im...
CVE-2008-3923
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action...