21 matches found
EUVD-2010-2721
Malware in sbrugna...
EUVD-2008-0710
Malware in sbrugna...
CVE-2008-0700
Cross-site scripting XSS vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CruxCMS 3.0 'search.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27588/info CruxCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
CruxCMS Multiple Input Validation Vulnerabilities
CruxCMS is prone to multiple input-validation vulnerabilities, including multiple security-bypass issues, multiple arbitrary-file- upload issues, multiple SQL-injection issues, a local file-include issue, a cross-site-scripting issue and multiple information- disclosure issues. These issues occur...
CruxCMS Multiple Input Validation Vulnerabilities
CruxCMS is prone to multiple input-validation vulnerabilities, including multiple security-bypass issues, multiple arbitrary-file- upload issues, multiple SQL-injection issues, a local file-include issue, a cross-site-scripting issue and multiple information- disclosure issues. These issues occur...
[waraxe-2010-SA#078] - Multiple Vulnerabilities in CruxCMS 3.0.0
waraxe-2010-SA078 - Multiple Vulnerabilities in CruxCMS 3.0.0 =============================================================================== Author: Janek Vind "waraxe" Date: 27. December 2010 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-78.html Affected Software: CruxCMS is a...
CruxCMS 3.0.0 Bypass / Shell Upload / SQL Injection / XSS / LFI
waraxe-2010-SA078 - Multiple Vulnerabilities in CruxCMS 3.0.0 =============================================================================== Author: Janek Vind "waraxe" Date: 27. December 2010 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-78.html Affected Software: CruxCMS is a...
CruxCMS 3.0 - Multiple Input Validation Vulnerabilities
CruxCMS 3.0 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/45594/info CruxCMS is prone to multiple input-validation vulnerabilities, including multiple security-bypass issues, multiple arbitrary-file-upload issues, multiple SQL-injection issues, a local...
CruxCMS 3.0 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/45594/info CruxCMS is prone to multiple input-validation vulnerabilities, including multiple security-bypass issues, multiple arbitrary-file-upload issues, multiple SQL-injection issues, a local file-include issue, a cross-site-scripting issue and multipl...
CruxSoftware Products Version Detection
This script finds the running CruxSoftware Products version. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CruxCMS 'txtusername' Parameter Cross Site Scripting Vulnerability
CruxCMS is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2010-2717
CruxCMS 3.0 (CruxSoftware) is affected in manager/login.php via the txtusername parameter, enabling Cross-Site Scripting (XSS). The CVE-2010-2717 entry is supported by multiple sources (NVD, OpenVAS NASL, HTBridge) describing an input sanitation flaw that lets remote attackers inject arbitrary sc...
XSS vulnerability in CruxCMS
Vulnerability ID: HTB22445 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincruxcms.html Product: CruxCMS Vendor: CruxSoftware Vulnerable Version: 3.00 and Probably Prior Versions Vendor Notification: 21 June 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed, Vendor...
XSS vulnerability in CruxCMS
Vulnerability ID: HTB22446 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincruxcms1.html Product: CruxCMS Vendor: CruxSoftware Vulnerable Version: 3.00 and Probably Prior Versions Vendor Notification: 21 June 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed, Vendor...
CruxCMS 3.00 Cross Site Scripting
===================================== Vulnerability ID: HTB22445 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincruxcms.html Product: CruxCMS Vendor: CruxSoftware Vulnerable Version: 3.00 and Probably Prior Versions Vendor Notification: 21 June 2010 Vulnerability Type: XSS Cross Sit...
Cross-site Scripting (XSS) Vulnerabilities in CruxCMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in CruxCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in CruxCMS: CVE-2008-0700 The vulnerability exists due to input sanitation error in the "search"...
CVE-2008-0700
Affected software: Crux Software CruxCMS 3.0 (CruxCMS). Issue: Cross-site Scripting (XSS) in search.php via the search parameter, enabling remote injection of arbitrary web script/HTML and potential script execution in a user’s browser. Underlying cause: input sanitation error in the search param...
CVE-2008-0700
Cross-site scripting XSS vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CruxCMS 3.0 - search.php Cross-Site Scripting
CruxCMS 3.0 - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/27588/info CruxCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browse...