
16 matches found

seebug.org
added 2015/10/12 12:00 a.m. | 59 views

Horizon QCMS 4.0 'category' Parameter SQL Injection Vulnerability

Affected systems: Horizon QCMS Horizon QCMS. Test method: Warning: the following procedures (methods) may be offensive in nature and are provided for security research and teaching purposes only. Use at your own risk! http://host/download.php?category=%27%20union%20select%201,2,version,4,5,6%20--%202 Recommendation:...

7.5 CVSS | 6.4 AI score | 0.01045 EPSS
Exploits: 7

seebug.org
added 2014/07/01 12:00 a.m. | 24 views

Horizon QCMS 4.0 /lib/functions/d-load.php Directory Traversal

No description provided by source...

7.1 AI score
Exploits: 0

OpenVAS
added 2014/01/17 12:00 a.m. | 26 views

Horizon QCMS Multiple Vulnerabilities

Horizon QCMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 6.4 AI score | 0.01859 EPSS
Exploits: 9 | References: 5

Exploit DB
added 2014/01/14 12:00 a.m. | 56 views

Horizon QCMS 4.0 - Multiple Vulnerabilities

Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 25, 2013 Public Disclosure: January 8,...

7.5 CVSS | 6.4 AI score | 0.01859 EPSS
Exploits: 9

0day.today
added 2014/01/14 12:00 a.m. | 66 views

Horizon QCMS 4.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 25, 2013...

7.5 CVSS | 6.5 AI score | 0.01859 EPSS
Exploits: 9

exploitpack
added 2014/01/14 12:00 a.m. | 53 views

Horizon QCMS 4.0 - Multiple Vulnerabilities

Horizon QCMS 4.0 - Multiple Vulnerabilities Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch:...

7.5 CVSS | 0.2 AI score | 0.01859 EPSS
Exploits: 9

NVD
added 2014/01/09 6:55 p.m. | 23 views

CVE-2013-7138

Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter...

5 CVSS | 6.5 AI score | 0.01859 EPSS
Exploits: 6 | References: 2

NVD
added 2014/01/09 6:55 p.m. | 22 views

CVE-2013-7139

SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter...

7.5 CVSS | 8.1 AI score | 0.01045 EPSS
Exploits: 7 | References: 2

Prion
added 2014/01/09 6:55 p.m. | 19 views

Directory traversal

Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter...

5 CVSS | 7 AI score | 0.01859 EPSS
Exploits: 6 | References: 2 | Affected Software: 1

Cvelist
added 2014/01/09 3:00 p.m. | 36 views

CVE-2013-7139

SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter...

8.1 AI score | 0.01045 EPSS
Exploits: 7 | References: 2

Cvelist
added 2014/01/09 3:00 p.m. | 28 views

CVE-2013-7138

Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter...

6.5 AI score | 0.01859 EPSS
Exploits: 6 | References: 2

CVE
added 2014/01/09 3:00 p.m. | 53 views

CVE-2013-7138

Vulnerability (CVE-2013-7138) in Horizon QCMS (4.0 and earlier) is a directory traversal in lib/functions/d-load.php exploited via the start parameter, allowing an attacker to read arbitrary files (e.g., /config.php) with the web server’s privileges. The vulnerability is confirmed by multiple sou...

5 CVSS | 6.6 AI score | 0.01859 EPSS
Exploits: 6 | References: 2 | Affected Software: 1

seebug.org
added 2014/01/09 12:00 a.m. | 31 views

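Horizon QCMS "/lib/functions/d-load.php" Directory Traversal Vulnerability

CVE ID: CVE-2013-7138. Horizon QCMS is the open-source Horizon Quick Content Management System, which supports PHP and MySQL. The vulnerability exists because the "start" HTTP GET parameter passed to the "/lib/functions/d-load.php" script is not sufficiently filtered before being used in the "fopen" method; a remote attacker can read the contents of arbitrary files on the target system with the privileges of the web server. 0 Horizon QCMS=4.0 Vendor patch: Horizon. Horizon has fixed this vulnerability in version 4.0; users are advised to download and use it:...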

5 CVSS | 6.5 AI score | 0.01859 EPSS
Exploits: 6

securityvulns
added 2014/01/09 12:00 a.m. | 72 views

Multiple Vulnerabilities in Horizon QCMS

Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 25, 2013 Public Disclosure: January 8,...

7.5 CVSS | 8 AI score | 0.01859 EPSS
Exploits: 9

Packet Storm
added 2014/01/08 12:00 a.m. | 69 views

Horizon QCMS 4.0 SQL Injection / Directory Traversal

Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 25, 2013 Public Disclosure: January 8,...

7.5 CVSS | 6.4 AI score | 0.01859 EPSS
Exploits: 9

htbridge
added 2013/12/18 12:00 a.m. | 40 views

Multiple Vulnerabilities in Horizon QCMS

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Horizon QCMS, which can be exploited to read contents of arbitrary files and perform SQL Injection attacks. 1) Path Traversal in Horizon QCMS: CVE-2013-7138. The vulnerability exists due to insufficient filtration of...

7.5 CVSS | 8.2 AI score | 0.01859 EPSS
Exploits: 9 | Affected Software: 1