12 matches found
CVE-2018-10523
CMS Made Simple CMSMS through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajaxgettemplates.php, /modules/DesignManager/action.ajaxgetstylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php...
The vulnerability of the filemanager module in the CMS system Netcat, which allows a hacker to execute arbitrary JavaScript code
The vulnerability of the filemanager module in the CMS system Netcat exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
PT-2024-5676 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS filemanager module affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability in the filemanager module of the Netcat CMS system. This could allow a remote attacker to execute...
PT-2024-5678 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue exists due to a lack of protection for the web page structure in the filemanager module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScript...
CMS Made Simple <= 1.2.4 (FileManager module) File Upload Exploit
No description provided by source. ?php / --------------------------------------------------------------------------- CMS Made Simple = 1.2.4 FileManager module Arbitrary File Upload Exploit --------------------------------------------------------------------------- author...: EgiX mail.....:...
CVE-2012-3805
Multiple cross-site scripting XSS vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 absendername, 2 absenderemail, or 3 absendernachricht parameter to the content page; 4...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 absendername, 2 absenderemail, or 3 absendernachricht parameter to the content page; 4...
CVE-2008-2267
The CVE-2008-2267 entry concerns CMS Made Simple (CMSMS) 1.2.4 and earlier, where the FileManager module’s Postlet component (javaUpload.php) uses an incomplete blacklist. This allows remote attackers to upload a file whose name ends with extensions such as .jsp, .php3, .cgi, .dhtml, .phtml, .php...
CMS Made Simple <= 1.2.4 (FileManager module) File Upload Exploit
No description provided by source. ?php / --------------------------------------------------------------------------- CMS Made Simple = 1.2.4 FileManager module Arbitrary File Upload Exploit --------------------------------------------------------------------------- author...: EgiX...
cmsmadesimple-upload.txt
?php / --------------------------------------------------------------------------- CMS Made Simple = 1.2.4 FileManager module Arbitrary File Upload Exploit --------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...
CMS Made Simple <= 1.2.4 (FileManager module) File Upload Exploit
Exploit for unknown platform in category web applications ================================================================= CMS Made Simple = 1.2.4 FileManager module File Upload Exploit ================================================================= ?php /...
CMS Made Simple 1.2.4 Module FileManager - Arbitrary File Upload
?php / --------------------------------------------------------------------------- CMS Made Simple = 1.2.4 FileManager module Arbitrary File Upload Exploit --------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...