10 matches found
BIT-SILVERSTRIPE-2020-9280
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...
CVE-2020-9280
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...
CVE-2020-9280
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...
RhinOS CMS 3.x Arbitrary File Download
Exploit Title: RhinOS CMS 3.x - Arbitrary File Download Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.saltos.org/ Software Link: https://netix.dl.sourceforge.net/project/rhinos/archived/r1190/RhinOS-en-3.0-1190.win32.exe Version: 3.1 r0 / 3.x Category: Webapp...
CVE-2017-10673
CVE-2017-10673 affects GetSimple CMS 3.x; the admin/profile.php name field is vulnerable to cross-site scripting (XSS). The root cause is improper handling/escaping of the name value, enabling injection of arbitrary script/HTML. Impact is limited to contexts where the vulnerable profile name is r...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the 1 categoryid parameter to forums.php, or the forumid parameter to 2 forum.php or 3 forumtopicnew.php...
CVE-2009-4547
CVE-2009-4547 documents multiple XSS vulnerabilities in ViArt CMS 3.x . The flaws let remote attackers inject arbitrary JavaScript/HTML via user-supplied parameters: (1) category_id to forums.php, or (2) forum_id to forum.php, or (3) forum_topic_new.php . The root cause is cross-site scripting in...
CVE-2009-0825
SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Papoo CMS 3.x (pfadhier) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications =========================================================== Papoo CMS 3.x pfadhier Local File Inclusion Vulnerability =========================================================== + Papoo CMS 3.6 Local File Inclusion + Discovered By SirGod +...
Papoo CMS 3.x - 'pfadhier' Local File Inclusion
Papoo CMS 3.6 Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + www.hellzone.info + Script Homepage : http://www.papoo-cms.com/ + Local File Inclusion - PoC : http://127.0.0.1/path/lib/classes/messageclass.php?pfadhier=Local File%00 - Example :...