39 matches found
EUVD-2012-6367
Malware in sbrugna...
EUVD-2011-5040
Malware in sbrugna...
EUVD-2012-6369
Malware in sbrugna...
EUVD-2012-6368
Malware in sbrugna...
EUVD-2010-3205
Malware in sbrugna...
DIY-CMS blog mod SQL Injection (CVE-2011-5140)
An SQL injection vulnerability has been reported in DIY-CMS blog mod. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
DIY CMS 1.0 Poll - Multiple Vulnerabilities
No description provided by source...
DIY-CMS blog mod SQL Injection Vulnerability
No description provided by source. Exploit Title: DIY-CMS blog mod SQL Injection Author: snup Contact: [email protected] Site: http://e-o-u.org SQL Injection: DORK: inurl:mod.php?mod=blog intext:powered by DIY-CMS inurl:mod.php?mod=blog BUG:...
DiY-CMS 1.0 - Multiple Remote File Inclusion Vulnerabilities
No description provided by source...
CVE-2012-6519
SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php...
CVE-2012-6517
Multiple cross-site scripting XSS vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 question parameter to in /modules/poll/add.php or 2 question or 3 answer parameter to modules/poll/edit.php...
CVE-2012-6518
Cross-site request forgery CSRF vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 question parameter to in /modules/poll/add.php or 2 question or 3 answer parameter to modules/poll/edit.php...
Sql injection
SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php...
CVE-2012-6519
The CVE-2012-6519 issue affects DIY-CMS 1.0, where an SQL injection flaw exists in modules/poll/index.php. The vulnerability is triggered by the start parameter to mod.php, allowing remote attackers to execute arbitrary SQL commands. The impact is described as enabling data access/ modification w...
CVE-2012-6518
CVE-2012-6518 is a CSRF vulnerability affecting DiY-CMS 1.0, where mod.php allows attackers to hijack administrator authentication by crafting requests to the poll module’s add action. The issue arises from insufficient CSRF protections in the poll creation workflow, enabling unauthorized actions...
CVE-2012-6517
Multiple cross-site scripting XSS vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 question parameter to in /modules/poll/add.php or 2 question or 3 answer parameter to modules/poll/edit.php...
CVE-2012-6518
Cross-site request forgery CSRF vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module...
CVE-2012-6517
DiY-CMS 1.0 is affected by multiple XSS vulnerabilities allowing remote attackers to inject arbitrary script/HTML via (1) the question parameter to /modules/poll/add.php and (2) the question or (3) the answer parameter to /modules/poll/edit.php. The root cause is unsafe handling of input leading ...
CVE-2012-6519
SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php...