16 matches found
EUVD-2008-3398
Malware in sbrugna...
Discuz! ML arbitrary code execution vulnerability alert - vulnerability alert - the black bar safety net
On July 11, 2019, a PoC for a Discuz! ML remote code execution vulnerability appeared online. Sangfor security researchers verified and analyzed it and found that an attacker can use the language parameter in the cookie field of the request traffic to insert arbitrar...
Comsenz SupeSite CMS 'title' field HTML injection vulnerability
Comsenz SupeSite CMS is a content management system (CMS) from Comsenz of China. The system provides information management, information publishing, information review, information classification, information field customization and other functions. An HTML injection vulnerability exists in...
Comsenz SupeSite CMS 7.0 Cross Site Scripting
Comsenz SupeSite CMS 7.0 Stored XSS Cross-site Scripting Security Vulnerabilities Exploit Title: Comsenz SupeSite CMS 7.0 Stored XSS Security Vulnerabilities Product: Supesite CMS Content Management System Vendor: ComSenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0 Advisory Publication:...
Comsenz SupeSite CMS SQL Injection Vulnerability
Comsenz SupeSite 7.0 CMS is a content management system developed by Comsenz. Comsenz SupeSite 7.0 CMS "batch.common.php" fails to properly filter user-submitted inputs for the "name" parameter, allowing remote attackers to submit specially crafted SQL queries to manipulate or obtain database dat...
Comsenz SupeSite CMS 7.0 SQL Injection
Comsenz SupeSite 7.0 CMS SQL Injection Security Vulnerabilities Exploit Title: Comsenz SupeSite CMS SQL Injection Security Vulnerabilities Product: SupeSite CMS Content Management System Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0 Advisory Publication: March 14, 2015 Late...
Comsenz SupeSite CMS Arbitrary Code Execution Vulnerability
Comsenz SupeSite CMS is a content management system (CMS) from Comsenz of China. An arbitrary code execution vulnerability exists in Comsenz SupeSite CMS, which arises from the program failing to adequately filter user-submitted input. An attacker could exploit this vulnerability to execute...
Comsenz SupeSite CMS 'cp.php' Cross-Site Scripting Vulnerability
Comsenz SupeSite CMS is a content management system (CMS) from Comsenz of China. A cross-site scripting vulnerability exists in Comsenz SupeSite CMS, which arises from the program's failure to adequately filter user-submitted input. When a user browses the affected site, their browser will execu...
Comsenz SupeSite CMS 7.0 Code Execution
Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities Exploit Title: Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities Product: SupeSite CMS Content Management System Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0 Advisory Publication: F...
Comsenz SupeSite CMS 7.0 Cross Site Scripting
Comsenz SupeSite CMS Reflected XSS Cross-site Scripting Security Vulnerabilities Exploit Title: Comsenz SupeSite CMS /cp.php do parameter Reflected XSS Security Vulnerabilities Product: SupeSite CMS Content Management System Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0...
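Comsenz official website compromised
Brief description: One shell. I forgot the password to my previous wooyun account; requesting an invite. Details: http://www.comsenz.com/link.php?a=vardump3 Proof of vulnerability: http://www.comsenz.com/link.php?a=vardump3...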
Discuz! 6.0.0 Cross Site Scripting
Discuz! 6.0.0 Download: http://www.comsenz.com/downloads/install/discuz Vendor: www.comsenz.com Author: s4r4d0 mail: [email protected] Bug: Cross site scripting has been found on viewthread.php file. Exploit: http://host/bbs/viewthread.php?tid=Xss Demo:...
CVE-2008-3412
SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) proshow or (2) disppro action to the default URI...
SQL injection
SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) proshow or (2) disppro action to the default URI...
CVE-2008-3412
CVE-2008-3412 is a SQL injection in Comsenz EPShop (ECShop) prior to 3.0. The vulnerability is exploitable via the pid parameter in the pro_show or disppro actions to the default URI, enabling remote attackers to execute arbitrary SQL commands. The exploitation status is not detailed in the provi...
CVE-2008-3412
SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) proshow or (2) disppro action to the default URI...