38 matches found
EUVD-2006-6031
Malware in sbrugna...
EUVD-2006-3898
Malware in sbrugna...
Etomite CMS <= 0.6.1 (rfiles.php) Remote Command Execution Exploit
No description provided by source. #!/usr/bin/php -q -d short_open_tag=on <? echo "Etomite CMS <= 0.6.1 'rfiles.php' remote command execution\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "google dork: \"Content managed by the Etomite Content Management...
Etomite CMS <= 0.6.1 (username) SQL Injection Exploit (mq = off)
No description provided by source. #!/usr/bin/php -q -d short_open_tag=on <? echo "Etomite CMS <= 0.6.1 all patches applied 'username' SQL injection / admin credentials disclosure\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "google dork: \"Content managed...
Etomite CMS <= 0.6.1.2 (manager/index.php) Local File Include Exploit
No description provided by source. #!/usr/bin/perl -w Etomite CMS Remote Command Execution Version: 0.6.1.2 Url: http://www.etomite.org Author : Alfredo Pesoli 'revenge' Description: Input passed to the 'f' parameter in /manager/index.php isn't properly verified before being used in an include...
Etomite CMS 1.0 Cross Site Scripting
http://www.etomite.com/files/file/323-etomite-11/ Versions: 1.0 Tested on: Windows7...
JVN#04329324: Etomite vulnerable to cross-site scripting
Etomite is a content management system CMS. Etomite contains an issue with the processing of contents in the search field, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
Etomite CMS id Parameter SQL Injection
The remote web server contains a PHP script that is affected by a SQL injection vulnerability. Description: The remote web server is running Etomite CMS, a PHP-based content management system. The version of Etomite CMS installed on the remote host fails to sanitize input to the...
Etomite CMS id Parameter SQL Injection
The remote web server contains a PHP script that is affected by a SQL injection vulnerability. Description: The remote web server is running Etomite CMS, a PHP-based content management system. The version of Etomite CMS installed on the remote host fails to sanitize input to the 'id' parameter...
CVE-2006-7070
Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile parameter with a filename that contains a .php extension followed by a valid image extension such as .gif...
CVE-2006-7070
CVE-2006-7070 affects Etomite CMS 0.6.1 and earlier. Unrestricted file upload via manager/media/ibrowser/scripts/rfiles.php using nfile[] allows a filename containing .php followed by a valid image extension (e.g., .gif or .jpg) and, after rename(), enables remote upload and execution of arbitrar...
Etomite CMS index.php id Parameter SQL Injection
The remote web server is running Etomite CMS, a PHP-based content management system. The version of Etomite CMS installed on the remote host fails to sanitize input to the 'id' parameter before using it in the 'index.php' script in a database query. Provided PHP's 'magic_quotes_gpc' setting is...
CVE-2006-6048
SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter...
Etomite CMS 0.6.1.2 Vulnerabilities + ContenNow 1.39 Vulnerabilities + Exploits
Etomite CMS 0.6.1.2 Multiple Vulnerabilities Severity : Medium risk Vendor : www.etomite.org Author : Alfredo Pesoli 'revenge' Secunia Advisory : SA22885 Security Focus BID : 21135 -------------------------------------------------- Description Etomite is a PHP Content Management System, more info...
CVE-2006-6048
Affected software: Etomite CMS (version 0.6.1.2). Vulnerability: SQL injection in the index.php script via the id parameter when magic_quotes_gpc is disabled. The issue allows an unauthenticated remote attacker to manipulate SQL queries and potentially access sensitive data or data within the dat...
etm_0612_sqlinj.pl.txt
#!/usr/bin/perl -w use IO::Socket; use strict; Etomite CMS "id" SQL Injection Version: 0.6.1.2 Url: http://www.etomite.org Author : Alfredo Pesoli 'revenge' Description: The "id" parameter isn't properly sanitised before being returned in sql query and can be used to inject craft SQL queries, we c...
etm_0612_remote_com.pl.txt
#!/usr/bin/perl -w Etomite CMS Remote Command Execution Version: 0.6.1.2 Url: http://www.etomite.org Author : Alfredo Pesoli 'revenge' Description: Input passed to the 'f' parameter in "/manager/index.php" isn't properly verified before being used in an include function, this can be exploited to...
Etomite CMS 0.6.1.2 Multiple Vulnerabilities ( Sql Injection + Local file inclusion )
Etomite CMS 0.6.1.2 Multiple Vulnerabilities Severity : Medium risk Vendor : www.etomite.org Author : Alfredo Pesoli 'revenge' Description Etomite is a PHP Content Management System, more info can be...