22 matches found
EUVD-2010-4989
Malware in sbrugna...
EUVD-2010-4988
Malware in sbrugna...
CVE-2010-5024
SQL injection vulnerability in manage/adduser.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the userid parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-5025
Cross-site scripting XSS vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fldpath parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-5025
Cross-site scripting XSS vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fldpath parameter. NOTE: some of these details are obtained from third party information...
Sql injection
SQL injection vulnerability in manage/adduser.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the userid parameter. NOTE: some of these details are obtained from third party information...
Cross site scripting
Cross-site scripting XSS vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fldpath parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-5025
CVE-2010-5025 is a cross-site scripting (XSS) vulnerability in CuteSITE CMS, specifically in the script at manage/main.php where the vulnerable input is the fld_path parameter . Affected versions are CuteSITE CMS 1.2.3 and 1.5.0 . The root cause is improper input validation/sanitization of fld_pa...
CVE-2010-5025
Cross-site scripting XSS vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fldpath parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-5024
SQL injection vulnerability in manage/adduser.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the userid parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-5024
CVE-2010-5024 affects CuteSITE CMS (versions 1.2.3 and 1.5.0). The flaw is a SQL injection in manage/add_user.php where the user_id parameter is unsafely handled. A remote authenticated user with Read privileges can execute arbitrary SQL commands, potentially reading, modifying, adding, or deleti...
CuteSITE CMS 1.5.0 Cross Site Scripting
Vulnerability ID: HTB22397 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincutesitecms.html Product: CuteSITE CMS Vendor: AMT Company Vulnerable Version: 1.5.0 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed,...
CuteSITE CMS 1.5.0 Cross Site Request Forgery
Vulnerability ID: HTB22395 Reference: http://www.htbridge.ch/advisory/xsrfcsrfincutesitecms.html Product: CuteSITE CMS Vendor: AMT Company Vulnerable Version: 1.5.0 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: CSRF Cross-Site Request Forgery Status: Not Fixed,...
CuteSITE CMS 1.5.0 SQL Injection
Vulnerability ID: HTB22396 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityincutesitecms.html Product: CuteSITE CMS Vendor: AMT Company Vulnerable Version: 1.5.0 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: SQL Injection Status: Not Fixed,...
SQL injection vulnerability in CuteSITE CMS
Vulnerability ID: HTB22396 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityincutesitecms.html Product: CuteSITE CMS Vendor: AMT Company Vulnerable Version: 1.5.0 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: SQL Injection Status: Not Fixed,...
XSS vulnerability in CuteSITE CMS
Vulnerability ID: HTB22397 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincutesitecms.html Product: CuteSITE CMS Vendor: AMT Company Vulnerable Version: 1.5.0 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed,...
XSRF (CSRF) in CuteSITE CMS
Vulnerability ID: HTB22395 Reference: http://www.htbridge.ch/advisory/xsrfcsrfincutesitecms.html Product: CuteSITE CMS Vendor: AMT Company Vulnerable Version: 1.5.0 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: CSRF Cross-Site Request Forgery Status: Not Fixed,...
CuteSITE CMS 1.x - manageadd_user.php?user_id SQL Injection
CuteSITE CMS 1.x - manageadduser.php?userid SQL Injection source: https://www.securityfocus.com/bid/40612/info CuteSITE CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these...
CuteSITE CMS 1.x - '/manage/add_user.php?user_id' SQL Injection
source: https://www.securityfocus.com/bid/40612/info CuteSITE CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based...
CuteSITE CMS 1.x - managemain.php?fld_path Cross-Site Scripting
CuteSITE CMS 1.x - managemain.php?fldpath Cross-Site Scripting source: https://www.securityfocus.com/bid/40612/info CuteSITE CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these...