22 matches found
EUVD-2008-6129
Malware in sbrugna...
EUVD-2008-3908
Malware in sbrugna...
CVE-2009-2342
Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field...
CVE-2009-2342
CVE-2009-2342 is an XSS in Content Management Made Easy (CMME) prior to 1.22, affecting admin.php (the login page). The vulnerability allows remote attackers to inject arbitrary scripts via the username field in the login form. Documents consistently describe the flaw as a cross-site scripting is...
CVE-2008-6159
Content Management Made Easy (CMME) 1.19 is affected by an information disclosure vulnerability where a direct request to info.php invokes phpinfo, allowing remote attackers to obtain system information. The flaw is triggered by accessing the info.php entry point, and the underlying cause is the ...
CVE-2008-6159
Content Management Made Easy (CMME) 1.19 allows remote attackers to obtain system information via a direct request to info.php, which invokes the phpinfo function...
cmme-disclose.txt
WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: CMME Multiple Information disclosure vulnerabilities Vendor: http://cmme.oesterholt.net Bug: Information Disclosure Vulnerable Version: 1.19 prior versions also may be affected Exploitation: Remote with browser Exploi...
CMME Multiple Information disclosure vulnerabilities
WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: CMME Multiple Information disclosure vulnerabilities Vendor: http://cmme.oesterholt.net Bug: Information Disclosure Vulnerable Version: 1.19 prior versions also may be affected Exploitation: Remote with browser Exploi...
CVE-2008-3923
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action...
CVE-2008-3925
Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action...
Improper access control
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b)...
CVE-2008-3924
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b)...
CVE-2008-3926
Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action ...
CVE-2008-3925
CSRF in Content Management Made Easy (CMME) 1.12 affects admin.php, enabling a remote attacker to trigger logout of an administrative user via a logout action. The connected CVE/DOCs confirm the vulnerability and affected component but do not provide a patch version or mitigation steps within the...
CVE-2008-3923
CVE-2008-3923 affects Content Management Made Easy (CMME) 1.12. The vulnerability is a set of cross-site scripting (XSS) flaws in statistics.php, exploitable via the hstat_year action through the page and year parameters. The underlying cause is improper input handling/sanitization of these param...
CVE-2008-3924
Content Management Made Easy (CMME) 1.12 exposes sensitive data under the web root via its Make a backup feature, allowing remote attackers to directly request backup/cmme_data.zip or backup/cmme_cmme.zip to discover account names and password hashes. Vector a reportedly also affects CMME 1.19. T...