47 matches found
EUVD-2015-1503
Malware in sbrugna...
EUVD-2015-5484
Malware in sbrugna...
EUVD-2015-6529
Malware in sbrugna...
EUVD-2015-5485
Malware in sbrugna...
EUVD-2015-1502
Malware in sbrugna...
EUVD-2014-4995
Malware in sbrugna...
CVE-2015-1363
Cross-site scripting XSS vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/...
CVE-2015-5530
Multiple cross-site request forgery CSRF vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/create/...
CVE-2015-5529
Multiple cross-site scripting XSS vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 name parameter to dashboard/settings/categories/, 2 title or 3 rel parameter to dashboard/settings/links/, or 4 url parameter to...
CVE-2015-1364
SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/...
CVE-2014-4170
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information...
Privilege escalation
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information...
CVE-2014-4170
CVE-2014-4170 describes an improper access control vulnerability in ArticleFR (Free Reprintables) where the data.php script lacks sufficient restrictions. A remote attacker can issue crafted requests to /data.php and execute arbitrary UPDATE SQL commands, enabling modification or deletion of data...
CVE-2015-6591
The CVE-2015-6591 entry concerns Free Reprintables ArticleFR 3.0.7 and earlier. It affects the web application path application/templates/amelia/loadjs.php, where the s parameter is used to read files via file_get_contents without proper validation, enabling local arbitrary file read by a non-aut...
CVE-2015-6591
Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter...
articleFR 3.0.7 Arbitrary File Read
Exploit Title: articleFR any file read vulnerability in v3.0.7 Date: 2015-09-06 Vendor: Free Reprintables Exploit Author: cfreer & 0keeTeam Product web page: http://www.freereprintables.com Version: 3.0.7 CVE : CVE-2015-6591 Details of the vulnerability are as follows: Affected version: Version...
Free Reprintables ArticleFR Has Multiple Cross-Site Request Forgery Vulnerabilities
Free Reprintables ArticleFR is an article directory scripting system from Free Reprintables Philippines. Free Reprintables ArticleFR 3.0.6 suffers from multiple cross-site request forgery vulnerabilities that allow remote attackers to hijack an administrator authentication request to add an...
Free Reprintables ArticleFR Cross-Site Scripting Vulnerability
ArticleFR is an article directory and content catalog system. Multiple cross-site scripting vulnerabilities exist in Free Reprintables ArticleFR version 3.0.6, which stem from the dashboard/settings/categories/ URI not sufficiently filtering the 'name' parameter, the dashboard/settings/links/ URI...
CVE-2015-5530
Multiple cross-site request forgery CSRF vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/create/...
CVE-2015-5529
Multiple cross-site scripting XSS vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 name parameter to dashboard/settings/categories/, 2 title or 3 rel parameter to dashboard/settings/links/, or 4 url parameter to...