22 matches found
EUVD-2008-2905
Malware in sbrugna...
Multiple Cross-Site Scripting Vulnerabilities in Contenido CMS 'front_content.php'
Multiple cross-site scripting vulnerabilities exist in Contenido CMS 'front_content.php' due to the program failing to properly filter user-supplied input. An attacker could exploit this vulnerability to execute arbitrary script code or steal cookie-based authentication credentials...
CMS Contenido 4.9.5 Cross Site Scripting
Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Advisory ID: SROEADV-2014-03 Author: Steffen Rösemann Affected Software: CMS Contenido 4.9.x-4.9.5 Release: 10th Dec 2014 Vendor URL: http://www.contenido.org/de/ Vendor Status: fixed CVE-ID: -...
Contenido CMS 4.8.12 XSS Vulnerabilities
No description provided by source. Vulnerability ID: HTB22635 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincontenidocms.html Product: Contenido CMS Vendor: four for business AG http://www.contenido.org/ Vulnerable Version: 4.8.12 and Probably Prior Versions Vendor Notification: 29...
XSS vulnerability in Contenido CMS
Vulnerability ID: HTB22636 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincontenidocms1.html Product: Contenido CMS Vendor: four for business AG http://www.contenido.org/ Vulnerable Version: 4.8.12 and Probably Prior Versions Vendor Notification: 29 September 2010 Vulnerability Type...
XSS vulnerability in Contenido CMS
Vulnerability ID: HTB22635 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincontenidocms.html Product: Contenido CMS Vendor: four for business AG http://www.contenido.org/ Vulnerable Version: 4.8.12 and Probably Prior Versions Vendor Notification: 29 September 2010 Vulnerability Type:...
Contenido CMS 4.8.12 Cross Site Scripting
Vulnerability ID: HTB22635 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincontenidocms.html Product: Contenido CMS Vendor: four for business AG http://www.contenido.org/ Vulnerable Version: 4.8.12 and Probably Prior Versions Vendor Notification: 29 September 2010 Vulnerability Type:...
Contenido CMS 4.8.12 XSS Vulnerabilities
Exploit for php platform in category web applications. Contenido CMS 4.8.12 XSS Vulnerabilities. Product: Contenido CMS Vendor: four for business AG http://www.contenido.org/ Vulnerable Version: 4.8.12 and Probably...
Contenido CMS 4.8.12 - Multiple Cross-Site Scripting Vulnerabilities
Contenido CMS 4.8.12 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/45160/info Contenido CMS is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
Contenido CMS 4.8.12 - Cross-Site Scripting
Contenido CMS 4.8.12 - Cross-Site Scripting Vulnerability ID: HTB22635 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincontenidocms.html Product: Contenido CMS Vendor: four for business AG http://www.contenido.org/ Vulnerable Version: 4.8.12 and Probably Prior Versions Vendor...
Contenido CMS 4.8.12 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/45160/info Contenido CMS is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...
Contenido CMS 4.8.12 - Cross-Site Scripting
Vulnerability ID: HTB22635 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincontenidocms.html Product: Contenido CMS Vendor: four for business AG http://www.contenido.org/ Vulnerable Version: 4.8.12 and Probably Prior Versions Vendor Notification: 29 September 2010 Vulnerability Type:...
Cross-site Scripting (XSS) Vulnerabilities in Contenido CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Contenido CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Contenido CMS 1.1 The vulnerability exists due to input sanitation error in the "idart"...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenido_path parameter to (a) contenido/backendsearch.php; the (2) cfgpathcontenido parameter to (b) movearticles.php, (c) moveoldstats.php, (d)...
CVE-2008-2912
Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenido_path parameter to (a) contenido/backendsearch.php; the (2) cfgpathcontenido parameter to (b) movearticles.php, (c) moveoldstats.php, (d)...
CVE-2008-2912
Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenido_path parameter to (a) contenido/backendsearch.php; the (2) cfgpathcontenido parameter to (b) movearticles.php, (c) moveoldstats.php, (d)...
CVE-2008-2912
Affected software. Contenido CMS (versions up to at least 4.8.4 for CVE-2008-2912; CVE-2006-5380 concerns some earlier versions). Vulnerability type. Remote File Inclusion (RFI) vulnerabilities allow remote attackers to execute arbitrary PHP code. Attack surface and vectors (as stated). In CVE-20...
CVE-2006-5380
Contenido CMS suffers a remote file inclusion (RFI) vulnerability in CVE-2006-5380 via the contenido_path parameter to cms/dbfs.php or cms/front_content.php, enabling arbitrary PHP code execution. Note: CVE disputes this for version 4.6.15 where contenido_path is static. In practice, mitigation g...
CVE-2006-5381
CVE-2006-5381: Contenido CMS stores sensitive data under the web root with insufficient access control, enabling remote attackers to obtain database credentials and other information via direct requests to 8 files in the conlib/ directory (db_msql.inc, db_mssql.inc, db_mysqli.inc, db_oci8.inc, db...
CVE-2006-5380
Remote file inclusion vulnerability in Contenido CMS allows remote attackers to execute arbitrary PHP code via a URL in the contenido_path parameter to (1) cms/dbfs.php or (2) cms/front_content.php. NOTE: CVE disputes this issue for version 4.6.15, because $contenido_path is set to a static value...