Lucene search
K

163 matches found

Prion
Prion
added 2018/11/21 9:29 p.m.23 views

Design/Logic Flaw

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/securityfunctions.php...

4CVSS5.3AI score0.00777EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/11/21 9:29 p.m.20 views

CVE-2018-19421

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/securityfunctions.php...

4CVSS4.2AI score0.00777EPSS
Exploits1References1
NVD
NVD
added 2018/11/21 9:29 p.m.19 views

CVE-2018-19420

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension e.g., the test or test.asdf filename, because of admin/upload-uploadify.php, and validatesafefile in...

4CVSS4AI score0.00777EPSS
Exploits1References1
Prion
Prion
added 2018/11/21 9:29 p.m.24 views

Code injection

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension e.g., the test or test.asdf filename, because of admin/upload-uploadify.php, and validatesafefile in...

4CVSS5.3AI score0.00777EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/11/21 9:29 p.m.34 views

CVE-2018-19421

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/securityfunctions.php...

3.8CVSS6.7AI score
Exploits0References1
OSV
OSV
added 2018/11/21 9:29 p.m.20 views

CVE-2018-19420

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension e.g., the test or test.asdf filename, because of admin/upload-uploadify.php, and validatesafefile in...

3.8CVSS6.4AI score
Exploits0References1
Cvelist
Cvelist
added 2018/11/21 9:0 p.m.20 views

CVE-2018-19421

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/securityfunctions.php...

5.5AI score0.00777EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/11/21 9:0 p.m.24 views

CVE-2018-19420

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension e.g., the test or test.asdf filename, because of admin/upload-uploadify.php, and validatesafefile in...

5.3AI score0.00777EPSS
Exploits1References1
CVE
CVE
added 2018/11/21 9:0 p.m.87 views

CVE-2018-19420

In GetSimpleCMS 3.3.15, an HTML-execution vulnerability exists in the upload handling path. Although admin/upload.php blocks .html uploads, HTML can still be executed via edge cases such as files with no extension or unrecognized extensions (e.g., test or test.asdf) through the interaction with a...

4CVSS4.4AI score0.00777EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/11/21 9:0 p.m.66 views

CVE-2018-19421

CVE-2018-19421 affects GetSimpleCMS 3.3.15. The vulnerability arises in the upload handling: admin/upload-uploadify.php and the validation routine in admin/inc/security_functions.php interact with admin/upload.php, which blocks .html uploads but allows Internet Explorer to render HTML elements co...

4CVSS4.5AI score0.00777EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2015/07/27 12:0 a.m.54 views

XSS, Code Execution, DOS, Password Leak, Weak Authentication in GetSimpleCMS 3.3.5

Vulnerability: XSS, Code Execution, DOS, Password Leak, Weak Authentication Affected Software: GetSimpleCMS http://get-simple.info/ Affected Version: 3.3.5 probably also prior versions Patched Version: 3.3.6 partial fix Risk: Medium-High Vendor Contacted: 2015-06-14 Vendor Partial Fix: 2015-07-14...

0.4AI score
Exploits0
0day.today
0day.today
added 2015/07/18 12:0 a.m.37 views

GetSimpleCMS 3.3.5 Multiple Vulnerabilities

Exploit for php platform in category web applications Vulnerability: XSS, Code Execution, DOS, Password Leak, Weak Authentication Affected Software: GetSimpleCMS http://get-simple.info/ Affected Version: 3.3.5 probably also prior versions Patched Version: 3.3.6 partial fix Risk: Medium-High Vendo...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2015/07/15 12:0 a.m.29 views

GetSimpleCMS 3.3.5 XSS / Code Execution / DoS / Weak Auth

Vulnerability: XSS, Code Execution, DOS, Password Leak, Weak Authentication Affected Software: GetSimpleCMS http://get-simple.info/ Affected Version: 3.3.5 probably also prior versions Patched Version: 3.3.6 partial fix Risk: Medium-High Vendor Contacted: 2015-06-14 Vendor Partial Fix: 2015-07-14...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2014/09/27 12:0 a.m.30 views

Get Simple CMS 3.3.3 Information Disclosure / XSS

GetSimpleCMS3.3.3 multi Vulnerability ====================================== Author : indoushka Vondor : http://get-simple.info/ Dork: © 2009-2014 GetSimple CMS – Version 3.3.3 ================================================== info : http://127.0.0.1/GetSimpleCMS3/backups/users/admin.xml.bak...

0.1AI score
Exploits0
Metasploit
Metasploit
added 2014/09/19 9:59 p.m.258 views

GetSimpleCMS PHP File Upload Vulnerability

This module exploits a file upload vulnerability in GetSimple CMS. By abusing the upload.php file, a malicious authenticated user can upload an arbitrary file, including PHP code, which results in arbitrary code execution. This module requires Metasploit: https://metasploit.com/download Current...

Exploits0
Packet Storm
Packet Storm
added 2014/09/19 12:0 a.m.25 views

GetSimpleCMS PHP File Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'GetSimpleCMS PHP File Upload Vulnerability', 'Description' = %q This module exploits a file upload vulnerability in GetSimple CMS. By...

0.2AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

GetSimpleCMS 3.2.1 - Arbitrary File Upload Vulnerability

No description provided by source. GetSimpleCMS Version 3.2.1 Arbitrary File Upload Vulnerability =================================================================================== Exploit Title: GetSimpleCMS Version 3.2.1 Arbitrary File Upload Vulnerability Download link:...

7.1AI score
Exploits0
myhack58
myhack58
added 2013/05/15 12:0 a.m.29 views

GetSimpleCMS 3.2.1 arbitrary file upload-vulnerability warning-the black bar safety net

Title: GetSimpleCMS Version 3.2.1 Arbitrary File Upload Vulnerability Download address: http://code.google.com/p/get-simple-cms/ Affected version: 3.2.1 Tested: ubuntu 13.4 Author: Ahmed Elhady Mohamed Overview: - GetSimpleCMS Version 3.2.1 suffers from arbitrary file upload vulnerability which...

0.8AI score
Exploits0
exploitpack
exploitpack
added 2013/05/13 12:0 a.m.12 views

Getsimple CMS 3.2.1 - Arbitrary File Upload

Getsimple CMS 3.2.1 - Arbitrary File Upload GetSimpleCMS Version 3.2.1 Arbitrary File Upload Vulnerability =================================================================================== Exploit Title: GetSimpleCMS Version 3.2.1 Arbitrary File Upload Vulnerability Download link:...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2013/05/13 12:0 a.m.46 views

Getsimple CMS 3.2.1 - Arbitrary File Upload

GetSimpleCMS Version 3.2.1 Arbitrary File Upload Vulnerability =================================================================================== Exploit Title: GetSimpleCMS Version 3.2.1 Arbitrary File Upload Vulnerability Download link: http://code.google.com/p/get-simple-cms/ version: 3.2.1...

7.4AI score
Exploits0
Rows per page
Query Builder