
22 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-1445

Malware in sbrugna...

CVSS 5.4, AI score 5.5, EPSS 0.00287
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-5275

Malware in sbrugna...

CVSS 6.5, AI score 6.4, EPSS 0.00482
Exploits: 2, References: 7

NVD
added 2020/01/09 9:15 p.m., 17 views

CVE-2012-1915

EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean Filter and perform XSS attacks...

CVSS 6.1, AI score 6.2, EPSS 0.00296
Exploits: 2, References: 1

Prion
added 2020/01/09 9:15 p.m., 20 views

Design/Logic Flaw

EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean Filter and perform XSS attacks...

CVSS 4.3, AI score 6.5, EPSS 0.00296
Exploits: 2, References: 1, Affected Software: 1

Cvelist
added 2020/01/09 8:15 p.m., 26 views

CVE-2012-1915

EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean Filter and perform XSS attacks...

AI score 6.1, EPSS 0.00296
Exploits: 2, References: 1

CVE
added 2020/01/09 8:15 p.m., 62 views

CVE-2012-1915

CVE-2012-1915 affects EllisLab CodeIgniter up to version 2.1.1; CodeIgniter 2.1.2 fixes bypasses of the xss_clean() filter in system/core/Security.php, enabling XSS that could bypass input filtering. Documented bypass vectors include various HTML tag/attribute configurations that bypass the filte...

CVSS 6.1, AI score 6.1, EPSS 0.00296
Exploits: 2, References: 1, Affected Software: 1

NVD
added 2017/11/17 5:29 a.m., 13 views

CVE-2017-1000160

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...

CVSS 5.4, AI score 5.6, EPSS 0.00287
Exploits: 0, References: 1

Prion
added 2017/11/17 5:29 a.m., 14 views

Cross site scripting

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...

CVSS 3.5, AI score 5.6, EPSS 0.00287
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2017/11/17 5:0 a.m., 15 views

CVE-2017-1000160

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...

AI score 5.6, EPSS 0.00287
Exploits: 0, References: 1

CVE
added 2017/11/17 5:0 a.m., 43 views

CVE-2017-1000160

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting that results in PHP code injection. Affected product/version is explicitly stated (ExpressionEngine 3.4.2). The impact is described as XSS leading to PHP code execution, with no explicit exploit details, vectors, or affected co...

CVSS 5.4, AI score 5.5, EPSS 0.00287
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2017/06/26 12:0 a.m., 2 views

EllisLab ExpressionEngine Weak Password Vulnerability

EllisLab ExpressionEngine is a content management system (CMS) from the US company EllisLab; it provides web publishing, a template engine, attachment components and other modules. A security vulnerability exists in EllisLab ExpressionEngine version 2.x prior to 2.11.8 and version 3.x...

CVSS 7.5, AI score 7.3, EPSS 0.00702
Exploits: 0, References: 1

CNVD
added 2017/01/16 12:0 a.m., 2 views

EllisLab CodeIgniter Arbitrary Code Execution Vulnerability

EllisLab CodeIgniter is an application development framework and toolkit from the US company EllisLab for PHP web developers. A security vulnerability exists in the system/libraries/Email.php file in EllisLab CodeIgniter versions prior to 3.1.3. A remote attacker can exploit...

CVSS 9.8, AI score 7.5, EPSS 0.03122
Exploits: 0, References: 1

NVD
added 2014/11/04 3:55 p.m., 10 views

CVE-2014-5387

Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php...

CVSS 6.5, AI score 8.1, EPSS 0.00482
Exploits: 2, References: 5

Prion
added 2014/11/04 3:55 p.m., 12 views

SQL injection

Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php...

CVSS 6.5, AI score 8.8, EPSS 0.00482
Exploits: 2, References: 5, Affected Software: 1

Cvelist
added 2014/11/04 3:0 p.m., 19 views

CVE-2014-5387

Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php...

AI score 8.1, EPSS 0.00482
Exploits: 2, References: 5

CVE
added 2014/11/04 3:0 p.m., 44 views

CVE-2014-5387

EllisLab ExpressionEngine Core is affected by multiple SQL injection vulnerabilities in versions prior to 2.9.1. An authenticated attacker can abuse vulnerable parameters (column_filter, category[] in system/index.php; tbl_sort[0][] in the comment module’s system/index.php) to execute arbitrary S...

CVSS 6.5, AI score 8.3, EPSS 0.00482
Exploits: 2, References: 5, Affected Software: 2

Packet Storm
added 2014/11/04 12:0 a.m., 62 views

EllisLab ExpressionEngine Core SQL Injection

Vulnerability title: Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core CVE: CVE-2014-5387 Vendor: EllisLab Product: ExpressionEngine Core Affected version: Versions earlier than 2.9.0 Fixed version: 2.9.1 Reported by: Jerzy Kramarz and Alex Murillo Moya Details: SQL injectio...

CVSS 6.5, AI score 1.1, EPSS 0.00482
Exploits: 2

Hacker One
added 2014/07/16 12:24 p.m., 18 views

ExpressionEngine: Cross Site Scripting (Stored)

Occurred in the URL: https://store.ellislab.com/billing. After adding a product to the cart, proceed to add the billing and card information, and in the card fields give your card details respectively, and in the fields 1. First name 2. Last name 3. Street Address 4. Apt/Suite/ 5. City. Give the...

AI score 5.7
Exploits: 0

securityvulns
added 2011/12/05 12:0 a.m., 94 views

MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter

CVE: CVE-2011-4025 Vendor: EllisLab Products: ExpressionEngine 2.2.2, CodeIgniter 2.0.3 Vulnerabilities: xss_clean filter bypass, leading to Cross-Site Scripting (XSS) Risk: High Attack Vector: From Remote Reference: http://secureappdev.blogspot.com/2011/11/ellislab-xssclean-filter-bypass.html 1...

AI score 0.2
Exploits: 2

seebug.org
added 2011/12/02 12:0 a.m., 80 views

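CodeIgniter 'CI_Security' Class 'xss_clean()' Filter Security Bypass Vulnerability

Bugtraq ID: 50847 CVE ID: CVE-2011-4025 CodeIgniter is an application development framework and toolkit for PHP website developers. EllisLab ExpressionEngine and CodeIgniter, which rely on the xss_clean filter for XSS protection, contain a cross-site scripting vulnerability that allows attackers to carry out session hijacking, information disclosure, malware installation and other attacks. The remove_evil_attributes function of the CI_Security class and the xss_clean implementation are flawed; the internal XSS filter can be bypassed, allowing successful XSS attacks against products using EllisLab ExpressionEngine and CodeIgniter...

AI score 6.4
Exploits: 2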