Devalcms 1.4a - Cross-Site Scripting

Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file. id: CVE-2008-6982 info: name: Devalcms 1.4a - Cross-Site Scripting author: arafatansari severity: medium description: | Devalcms 1.4a contains a cross-site scripting vulnerability in th...

EUVD-2008-6941

Malware in sbrugna...

EUVD-2008-2906

Malware in sbrugna...

EUVD-2008-6942

Malware in sbrugna...

Command execution vulnerability in devalcms

devalcms is a web application. A command execution vulnerability exists in devalcms, which can be exploited by an attacker to gain control of the server...

CVE-2008-6983

modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...

CVE-2008-6982

Cross-site scripting XSS vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter...

Code injection

modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...

CVE-2008-6982

Cross-site scripting XSS vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter...

CVE-2008-6982

Devalcms 1.4a contains a Cross-Site Scripting (XSS) vulnerability in the currentpath parameter of index.php. The nuclei template for CVE-2008-6982 confirms the affected software/version and impact: arbitrary JavaScript execution in the victim’s browser, which can lead to session hijacking or info...

CVE-2008-6983

CVE-2008-6983 affects devalcms 1.4a: the file modules/tool/hitcounter.php allows remote code execution via the HTTP Referer header using the gv_folder_data parameter, demonstrated by modifying modules/tool/url2header.php. This indicates improper handling of user-controlled input in the vulnerable...

CVE-2008-6983

modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gvfolderdata parameter, as demonstrated by modifying modules/tool/url2header.php...

devalcms 1.4a XSS / Remote Code Execution Exploit

No description provided by source. !/usr/bin/python devalcms v1.4a Remote Code Execution Exploit / Xss AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Download :...

devalcms-xssexec.txt

!/usr/bin/python devalcms v1.4a Remote Code Execution Exploit / Xss AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Download :...

devalcms 1.4a XSS / Remote Code Execution Exploit

Exploit for unknown platform in category web applications ================================================= devalcms 1.4a XSS / Remote Code Execution Exploit ================================================= !/usr/bin/python devalcms v1.4a Remote Code Execution Exploit / Xss Discovered by : IRCRA...

Devalcms 1.4a - Cross-Site Scripting Remote Code Execution

Devalcms 1.4a - Cross-Site Scripting Remote Code Execution !/usr/bin/python devalcms v1.4a Remote Code Execution Exploit / Xss AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina...

Devalcms 1.4a - Cross-Site Scripting / Remote Code Execution

!/usr/bin/python devalcms v1.4a Remote Code Execution Exploit / Xss AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Download :...

Directory traversal

Directory traversal vulnerability in func.php in Devalcms 1.4a, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the currentpath parameter, in conjunction with certain ... triple dot and ..... sequences in the currentfile...

CVE-2008-2913

Directory traversal vulnerability in func.php in Devalcms 1.4a, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the currentpath parameter, in conjunction with certain ... triple dot and ..... sequences in the currentfile...