16 matches found
Horizon QCMS 4.0 'category' 参数SQL注入漏洞
受影响系统 Horizon QCMS Horizon QCMS 测试方法: -------------------------------------------------------------------------------- 警 告 以下程序方法可能带有攻击性,仅供安全研究与教学之用。使用者风险自负! http://host/download.php?category=%27%20union%20select%201,2,version,4,5,6%20--%202 建议:...
Horizon QCMS 4.0 /lib/functions/d-load.php Directory Traversal
No description provided by source...
Horizon QCMS Multiple Vulnerabilities
Horizon QCMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Horizon QCMS 4.0 - Multiple Vulnerabilities
Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 25, 2013 Public Disclosure: January 8,...
Horizon QCMS 4.0 - Multiple Vulnerabilities
Horizon QCMS 4.0 - Multiple Vulnerabilities Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch:...
Horizon QCMS 4.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 25, 2013...
CVE-2013-7139
SQL injection vulnerability in download.php in Horizon Quick Content Management System QCMS 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter...
CVE-2013-7138
Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System QCMS 4.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the start parameter...
Directory traversal
Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System QCMS 4.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the start parameter...
CVE-2013-7139
SQL injection vulnerability in download.php in Horizon Quick Content Management System QCMS 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter...
CVE-2013-7138
Vulnerability (CVE-2013-7138) in Horizon QCMS (4.0 and earlier) is a directory traversal in lib/functions/d-load.php exploited via the start parameter, allowing an attacker to read arbitrary files (e.g., /config.php) with the web server’s privileges. The vulnerability is confirmed by multiple sou...
CVE-2013-7138
Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System QCMS 4.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the start parameter...
Horizon QCMS "/lib/functions/d-load.php"目录遍历漏洞
CVE ID:CVE-2013-7138 Horizon QCMS是支持PHP与MySQL的开放源码的Horizon快速内容管理系统。 该漏洞的存在是由于传递到"/lib/functions/d-load.php"脚本的"start" HTTP GET参数"fopen"方法中被使用前没有足够过滤,远程攻击者可以以Web服务器的权限在目标系统上读取任意文件内容。 0 Horizon QCMS=4.0 厂商补丁: Horizon ----- Horizon 4.0版本以修复此漏洞,建议用户下载使用:...
Multiple Vulnerabilities in Horizon QCMS
Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 25, 2013 Public Disclosure: January 8,...
Horizon QCMS 4.0 SQL Injection / Directory Traversal
Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 25, 2013 Public Disclosure: January 8,...
Multiple Vulnerabilities in Horizon QCMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Horizon QCMS, which can be exploited to read contents of arbitrary files and perform SQL Injection attacks. 1 Path Traversal in Horizon QCMS: CVE-2013-7138 The vulnerability exists due to insufficient filtration of...