514 matches found
CVE-2008-3708
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot...
CVE-2008-3708
DotCMS 1.6.0.9 is affected by multiple directory traversal vulnerabilities that allow remote attackers to read arbitrary files by injecting a .. in the id parameter of news/index.dot and getting_started/macros/macros_detail.dot. The root cause is insufficient input sanitization in these scripts, ...
dotCMS Multiple Script id Parameter Traversal Local File Inclusion
The remote host is using dotCMS, an open source J2EE / Java web content management system. The version of dotCMS installed on the remote host fails to sanitize input to the 'id' parameter of the 'news/index.dot' and 'getting_started/macros/macros_detail.dot' scripts before using it to access files...
dotcms-lfi.txt
++++++++++++++++++++++++++++++++++++++++++++++++++++++ + script:dotCMS + home: http://www.dotcms.org + demo: http://www.dotcms.org/thedotcms/demos/demo.dot + founder: Don of h4cky0u.org + Vulnerability: Directory traversal ++++++++++++++++++++++++++++++++++++++++++++++++++++++ exploit:...
dotCMS 1.6 - id Local File Inclusion
dotCMS 1.6 - id Local File Inclusion ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + script:dotCMS + home: http://www.dotcms.org + demo: http://www.dotcms.org/thedotcms/demos/demo.dot + founder: Don of h4cky0u.org + Vulnerability: Directory traversal...
dotCMS 1.6 - 'id' Local File Inclusion
++++++++++++++++++++++++++++++++++++++++++++++++++++++ + script:dotCMS + home: http://www.dotcms.org + demo: http://www.dotcms.org/thedotcms/demos/demo.dot + founder: Don of h4cky0u.org + Vulnerability: Directory traversal ++++++++++++++++++++++++++++++++++++++++++++++++++++++ exploit:...
dotCMS 1.6 (id) Multiple Local File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications ============================================================= dotCMS 1.6 id Multiple Local File Inclusion Vulnerabilities ============================================================= ++++++++++++++++++++++++++++++++++++++++++++++++++++++ ...
dotCMS 1.6 (id) Multiple Local File Inclusion Vulnerabilities
No description provided by source. ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + script:dotCMS + home: http://www.dotcms.org + demo: http://www.dotcms.org/thedotcms/demos/demo.dot + founder: Don of h4cky0u.org + Vulnerability: Directory traversal...
dotCMS search-results.dot search_query Parameter XSS
The remote host is using dotCMS, an open source J2EE / Java web content management system. The version of dotCMS installed on the remote host fails to sanitize input to the 'search_query' parameter of the 'search-results.dot' script before using it to generate dynamic HTML output. An attacker may ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-2397
Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-2397
CVE-2008-2397 is an XSS vulnerability in dotCMS 1.x, affecting the search-results.dot component via the search_query parameter. The underlying issue is a failure to sanitize this input, enabling remote attackers to inject arbitrary HTML/JavaScript into a user’s browser. Connected sources (Nessu...