519 matches found

CNVD
added 2016/11/10 12:00 a.m., 4 views

DotCMS SQL Injection Vulnerability (CNVD-2016-11006)

DotCMS is a content management system (CMS) from the American company DotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A SQL injection vulnerability exists in the "Content Types > Content Types" screen in versions of DotCMS prior to...

CVSS 8.8, AI score 8.5, EPSS 0.01995
Exploits: 3, References: 1
OpenVAS
added 2016/11/02 12:00 a.m., 24 views

dotCMS < 3.3.2 SQLi Vulnerability

dotCMS is prone to a SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dotcms:dotcms"; if...

CVSS 7.2, AI score 7.5, EPSS 0.01327
Exploits: 2, References: 1
0day.today
added 2016/11/02 12:00 a.m., 73 views

dotCMS 3.x SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Multiple SQL injection vulnerabilities in dotCMS (8x CVE) Credit: Elar Lang / https://security.elarlang.eu Vendor/Product: dotCMS http://dotcms.com/ Vulnerability: SQL injection Vulnerable version: before 3.5; 3.3.1 and 3.3.2 depends on C...

CVSS 7.5, AI score 7.9, EPSS 0.0275
Exploits: 9
OpenVAS
added 2016/11/02 12:00 a.m., 32 views

dotCMS < 3.3.1 Multiple SQLi Vulnerabilities - Active Check

dotCMS is prone to multiple SQL injection (SQLi) vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dotcms:dotcms"; i...

CVSS 9.8, AI score 7.3, EPSS 0.0275
Exploits: 9, References: 1
Packet Storm
added 2016/11/01 12:00 a.m., 50 views

dotCMS 3.x SQL Injection

Title: Multiple SQL injection vulnerabilities in dotCMS (8x CVE) Credit: Elar Lang / https://security.elarlang.eu Vendor/Product: dotCMS http://dotcms.com/ Vulnerability: SQL injection Vulnerable version: before 3.5; 3.3.1 and 3.3.2 depends on CVE CVE: CVE-2016-8902, CVE-2016-8903, CVE-2016-8904,...

CVSS 7.5, AI score 7.8, EPSS 0.0275
Exploits: 9
NVD
added 2016/10/28 3:59 p.m., 17 views

CVE-2016-8600

In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later...

CVSS 7.5, AI score 7.6, EPSS 0.0175
Exploits: 2, References: 4
OSV
added 2016/10/28 3:59 p.m., 11 views

CVE-2016-8600

In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later...

CVSS 7.5, AI score 7.6, EPSS 0.0175
Exploits: 2, References: 4
Prion
added 2016/10/28 3:59 p.m., 16 views

Code injection

In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later...

CVSS 5, AI score 7.1, EPSS 0.0175
Exploits: 2, References: 4, Affected Software: 1
CVE
added 2016/10/28 3:00 p.m., 42 views

CVE-2016-8600

dotCMS CAPTCHA bypass vulnerability (CVE-2016-8600) affects dotCMS 3.2.1, where the CAPTCHA code can be reused within the same session: after loading a CAPTCHA, an attacker can submit the form with that correct code for subsequent checks. Root cause: last loaded CAPTCHA code persists in the sess...

CVSS 7.5, AI score 7.5, EPSS 0.0175
Exploits: 2, References: 4, Affected Software: 1
Cvelist
added 2016/10/28 3:00 p.m., 18 views

CVE-2016-8600

In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later...

AI score 7.6, EPSS 0.0175
Exploits: 2, References: 4
CNVD
added 2016/10/24 12:00 a.m., 3 views

DotCMS Security Bypass Vulnerability

DotCMS is a content management system (CMS) from the American company DotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. DotCMS has a security bypass vulnerability that can be exploited by attackers to bypass security restrictions a...

CVSS 7.5, AI score 6.9, EPSS 0.0175
Exploits: 2, References: 1
0day.today
added 2016/10/20 12:00 a.m., 38 views

dotCMS CAPTCHA Bypass Vulnerability

Exploit for php platform in category web applications Title: CVE-2016-8600 dotCMS - CAPTCHA bypass by reusing valid code Credit: Elar Lang / https://security.elarlang.eu Vulnerability: CAPTCHA bypass by re-using last loaded valid CAPTCHA code Vulnerable version: before 3.6.0 CVE: CVE-2016-8600...

CVSS 5, AI score 7.7, EPSS 0.0175
Exploits: 2
OpenVAS
added 2016/07/05 12:00 a.m., 41 views

dotCMS Detection (HTTP)

HTTP based detection of dotCMS. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if (description) { script_oid("1.3.6.1.4.1.25623.1.0.106114");...

AI score 5.8
Exploits: 0, References: 1
OpenVAS
added 2016/07/05 12:00 a.m., 47 views

dotCMS < 3.3.2 Multiple Vulnerabilities

dotCMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dotcms:dotcms"; if (description)...

CVSS 9.8, AI score 5.5, EPSS 0.02201
Exploits: 8, References: 5
NVD
added 2016/06/30 5:59 p.m., 24 views

CVE-2016-4803

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject...

CVSS 7.5, AI score 7.5, EPSS 0.02201
Exploits: 2, References: 4
OSV
added 2016/06/30 5:59 p.m., 8 views

CVE-2016-4803

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject...

CVSS 7.5, AI score 7.6, EPSS 0.02201
Exploits: 2, References: 4
Prion
added 2016/06/30 5:59 p.m., 16 views

CRLF injection

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject...

CVSS 5, AI score 7.5, EPSS 0.02201
Exploits: 2, References: 4, Affected Software: 1
Cvelist
added 2016/06/30 5:00 p.m., 28 views

CVE-2016-4803

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject...

AI score 7.8, EPSS 0.02201
Exploits: 2, References: 4
CVE
added 2016/06/30 5:00 p.m., 47 views

CVE-2016-4803

CVE-2016-4803 affects dotCMS prior to 3.3.2, where the sendEmail functionality is vulnerable to CRLF injection in the subject, enabling remote attackers to inject arbitrary email headers. Root cause is unsanitized CRLF sequences in email header fields. Impact described as header injection risk fo...

CVSS 7.5, AI score 8, EPSS 0.02201
Exploits: 2, References: 4, Affected Software: 1
CNVD
added 2016/05/27 12:00 a.m., 3 views

DotCMS Email Header Injection Vulnerability

DotCMS is a content management system (CMS) from the American company DotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A security vulnerability exists in DotCMS versions prior to 3.5 and prior to 3.3.2. An attacker can exploit the...

CVSS 7.5, AI score 9.2, EPSS 0.02201
Exploits: 2, References: 1