28 matches found
EUVD-2015-1561
Malware in sbrugna...
EUVD-2015-1562
Malware in sbrugna...
EUVD-2015-1560
Malware in sbrugna...
CVE-2015-1425
JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities...
CVE-2015-1425
JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities...
Input validation
JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities...
CVE-2015-1425
Technical details (affected products, vulnerable components, exploit conditions) are not publicly provided in the connected documents. Monitor for updates from vendors, NVD, or advisories to obtain concrete information.
CVE-2015-1425
JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities...
CVE-2015-1424
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php...
CVE-2015-1423
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jakdeletelog or (2) ssp parameter to admin/index.php...
CVE-2015-1422
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder, (2) jakcatid, (3) jakcontent, (4) jakcss, (5) jakdeletelog, (6) jakemail, (7) jakextfile, (8) jakfile, (9) jakhookshow, (10) jakimg, (11) jakjavascript, (12)...
SQL injection
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jakdeletelog or (2) ssp parameter to admin/index.php...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder, (2) jakcatid, (3) jakcontent, (4) jakcss, (5) jakdeletelog, (6) jakemail, (7) jakextfile, (8) jakfile, (9) jakhookshow, (10) jakimg, (11) jakjavascript, (12)...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php...
CVE-2015-1422
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder, (2) jakcatid, (3) jakcontent, (4) jakcss, (5) jakdeletelog, (6) jakemail, (7) jakextfile, (8) jakfile, (9) jakhookshow, (10) jakimg, (11) jakjavascript, (12)...
CVE-2015-1422
CVE-2015-1422 covers multiple XSS flaws in Gecko CMS 2.2 and 2.3. The vulnerabilities allow remote attackers to inject arbitrary script/HTML via a long list of parameters (e.g., horder[], jak_catid, jak_content, jak_css, …, type) passed to admin/index.php or js/editor/plugins/filemanager/dialog.p...
CVE-2015-1424
Gecko CMS versions 2.2 and 2.3 are affected by a Cross‑Site Request Forgery (CSRF) vulnerability that allows an attacker to hijack administrator authentication by issuing a crafted newuser request to admin/index.php. The flaw enables an attacker to add a new administrator account and thereby gain...
CVE-2015-1424
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php...
EUVD-2015-1559
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder, (2) jakcatid, (3) jakcontent, (4) jakcss, (5) jakdeletelog, (6) jakemail, (7) jakextfile, (8) jakfile, (9) jakhookshow, (10) jakimg, (11) jakjavascript, (12)...
CVE-2015-1423
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jakdeletelog or (2) ssp parameter to admin/index.php...