31 matches found
EUVD-2012-6363
Malware in sbrugna...
EUVD-2010-2058
Malware in sbrugna...
EUVD-2010-2059
Malware in sbrugna...
CVE-2012-6513
Cross-site scripting XSS vulnerability in index.php/AdminPreferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter...
gpEasy CMS 4.4 Cross Site Scripting
Affected software: gpeasy cms Type of vulnerability:stored xss URL:gpeasy.com Discovered by: provensec Website: provensec.com version: gpEasy 4.4 Proof of concept goto edit layout and fill filed with xss payload " and save it javascript will execute --20cf303f64d02dcd89051578f782 Content-Type:...
CVE-2013-0807
Cross-site scripting XSS vulnerability in the NewSectionPrompt function in include/tool/editingpage.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a newsection action to index.php...
CVE-2013-0807
gpEasy CMS 3.5.2 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability in the NewSectionPrompt function (include/tool/editing_page.php). The issue arises from insufficient sanitisation of the section parameter in the new_section action to index.php, enabling an attacker to inject...
gpEasy 4.3.x XSS / File Inclusion / Shell Upload
Document Title: =============== gpEasy v4.3.x CMS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1189 Release Date: ============= 2014-02-06 Vulnerability Laboratory ID VL-ID: ==================================== 1189 Comm...
gpEasy v4.3.x CMS - Multiple Web Vulnerabilities
Document Title: =============== gpEasy v4.3.x CMS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1189 Release Date: ============= 2014-02-05 Vulnerability Laboratory ID VL-ID: ==================================== 1189 Comm...
gpEasy CMS 4.0 Shell Upload Vulnertability
gpEasy CMS version 4.0 suffers from a remote shell upload vulnerability. Exploit Title : gpEasy CMS Malicious File Upload Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://gpeasy.com/ Software Link : http://gpeasy.com/SpecialgpEasy?cmd=dlzip Versio...
gpEasy CMS 4.0 Shell Upload
Exploit Title : gpEasy CMS Malicious File Upload Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://gpeasy.com/ Software Link : http://gpeasy.com/SpecialgpEasy?cmd=dlzip Version : 4.0 Tested on : Window and Linux...
CVE-2012-6513
Cross-site scripting XSS vulnerability in index.php/AdminPreferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php/AdminPreferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter...
CVE-2012-6513
Cross-site scripting XSS vulnerability in index.php/AdminPreferences in gpEasy CMS 2.3.3 allows remote attackers to inject arbitrary web script or HTML via the jsoncallback parameter...
CVE-2012-6513
CVE-2012-6513 is an XSS vulnerability in gpEasy CMS 2.3.3: index.php/Admin_Preferences accepts jsoncallback leading to remote injection of arbitrary web script/HTML. Impact: arbitrary script execution in affected contexts. Documented exploit exists (Exploit-DB 37104). No patch/version details pro...
gpEasy CMS - section Cross-Site Scripting
gpEasy CMS - section Cross-Site Scripting source: https://www.securityfocus.com/bid/57522/info gpEasy CMS is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
gpEasy CMS - 'section' Cross-Site Scripting
source: https://www.securityfocus.com/bid/57522/info gpEasy CMS is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
CVE-2010-2039
Cross-site request forgery CSRF vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an AdminUsers action to index.php. NOTE: some of these details are obtained from third...
CVE-2010-2039
Cross-site request forgery CSRF vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an AdminUsers action to index.php. NOTE: some of these details are obtained from third...
CVE-2010-2038
Cross-site scripting XSS vulnerability in include/tool/editingfiles.php in gpEasy CMS 1.6.2 allows remote authenticated users, with Edit privileges, to inject arbitrary web script or HTML via the gpcontent parameter to index.php. NOTE: some of these details are obtained from third party informati...