Devalcms 1.4a - Cross-Site Scripting

Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file. id: CVE-2008-6982 info: name: Devalcms 1.4a - Cross-Site Scripting author: arafatansari severity: medium description: | Devalcms 1.4a contains a cross-site scripting vulnerability in th...

EUVD-2008-2906

Malware in sbrugna...

EUVD-2008-6941

Malware in sbrugna...

EUVD-2008-6942

Malware in sbrugna...

Command execution vulnerability in devalcms

devalcms is a web application. A command execution vulnerability exists in devalcms, which can be exploited by an attacker to gain control of the server...

CVE-2008-6983

modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...

CVE-2008-6982

Cross-site scripting XSS vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter...

Code injection

modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...

CVE-2008-6983

modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...

CVE-2008-6982

Cross-site scripting XSS vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter...

CVE-2008-6982

Devalcms 1.4a contains a Cross-Site Scripting (XSS) vulnerability in the currentpath parameter of index.php. The nuclei template for CVE-2008-6982 confirms the affected software/version and impact: arbitrary JavaScript execution in the victim’s browser, which can lead to session hijacking or info...

CVE-2008-6983

CVE-2008-6983 affects devalcms 1.4a: the file modules/tool/hitcounter.php allows remote code execution via the HTTP Referer header using the gv_folder_data parameter, demonstrated by modifying modules/tool/url2header.php. This indicates improper handling of user-controlled input in the vulnerable...

devalcms 1.4a XSS / Remote Code Execution Exploit

No description provided by source. !/usr/bin/python devalcms v1.4a Remote Code Execution Exploit / Xss AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Download :...

devalcms-xssexec.txt

!/usr/bin/python devalcms v1.4a Remote Code Execution Exploit / Xss AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Download :...

devalcms 1.4a XSS / Remote Code Execution Exploit

Exploit for unknown platform in category web applications ================================================= devalcms 1.4a XSS / Remote Code Execution Exploit ================================================= !/usr/bin/python devalcms v1.4a Remote Code Execution Exploit / Xss Discovered by : IRCRA...

Devalcms 1.4a - Cross-Site Scripting / Remote Code Execution

!/usr/bin/python devalcms v1.4a Remote Code Execution Exploit / Xss AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Download :...

Devalcms 1.4a - Cross-Site Scripting Remote Code Execution

Devalcms 1.4a - Cross-Site Scripting Remote Code Execution !/usr/bin/python devalcms v1.4a Remote Code Execution Exploit / Xss AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina...

CVE-2008-2913

Directory traversal vulnerability in func.php in Devalcms 1.4a, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the currentpath parameter, in conjunction with certain ... triple dot and ..... sequences in the currentfile...

Directory traversal

Directory traversal vulnerability in func.php in Devalcms 1.4a, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the currentpath parameter, in conjunction with certain ... triple dot and ..... sequences in the currentfile...