16 matches found
Horizon QCMS 4.0 'category' Parameter SQL Injection Vulnerability
Affected systems: Horizon QCMS Horizon QCMS Test method: Warning: the following procedures (methods) may be offensive in nature and are provided only for security research and teaching. Use at your own risk! http://host/download.php?category=%27%20union%20select%201,2,version,4,5,6%20--%202 Recommendation:...
Horizon QCMS 4.0 /lib/functions/d-load.php Directory Traversal
No description provided by source...
Horizon QCMS Multiple Vulnerabilities
Horizon QCMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Horizon QCMS 4.0 - Multiple Vulnerabilities
Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 25, 2013 Public Disclosure: January 8,...
Horizon QCMS 4.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 25, 2013...
Horizon QCMS 4.0 - Multiple Vulnerabilities
Horizon QCMS 4.0 - Multiple Vulnerabilities Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch:...
CVE-2013-7138
Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter...
CVE-2013-7139
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter...
Directory traversal
Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter...
CVE-2013-7139
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter...
CVE-2013-7138
Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter...
CVE-2013-7138
Vulnerability (CVE-2013-7138) in Horizon QCMS (4.0 and earlier) is a directory traversal in lib/functions/d-load.php exploited via the start parameter, allowing an attacker to read arbitrary files (e.g., /config.php) with the web server’s privileges. The vulnerability is confirmed by multiple sou...
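Horizon QCMS "/lib/functions/d-load.php" Directory Traversal Vulnerability
CVE ID: CVE-2013-7138 Horizon QCMS is the open-source Horizon Quick Content Management System, which supports PHP and MySQL. The vulnerability exists because the "start" HTTP GET parameter passed to the "/lib/functions/d-load.php" script is not sufficiently filtered before being used in the "fopen" method; a remote attacker can read the contents of arbitrary files on the target system with the privileges of the web server. 0 Horizon QCMS=4.0 Vendor patch: Horizon ----- Horizon version 4.0 has fixed this vulnerability; users are advised to download and use it:...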
Multiple Vulnerabilities in Horizon QCMS
Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 25, 2013 Public Disclosure: January 8,...
Horizon QCMS 4.0 SQL Injection / Directory Traversal
Advisory ID: HTB23191 Product: Horizon QCMS Vendor: Horizon QCMS Vulnerable Versions: 4.0 and probably prior Tested Version: 4.0 Advisory Publication: December 18, 2013 without technical details Vendor Notification: December 18, 2013 Vendor Patch: December 25, 2013 Public Disclosure: January 8,...
Multiple Vulnerabilities in Horizon QCMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Horizon QCMS, which can be exploited to read contents of arbitrary files and perform SQL Injection attacks. 1 Path Traversal in Horizon QCMS: CVE-2013-7138 The vulnerability exists due to insufficient filtration of...