19 matches found
EUVD-2013-7108
Malware in sbrugna...
EUVD-2012-6145
Malware in sbrugna...
CVE-2013-7334
Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q parameter, related to CVE-2012-6290...
ImageCMS 4.0.0b Multiple Vulnerabilities
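This is a vulnerability exploited in combination. ImageCMS 4.0.0b contains an admin back-end SQL injection vulnerability: CVE-2012-6290 http://host/admin/adminsearch?q=123%27%20UNION%20SELECT%201,2,version%28%29,4,5,6,7,8,9,10,11,1 2,13,14,15%20INTO%20OUTFILE%27/tmp/file.txt%27%20--%202 Next, a page has to be placed on a website to lure the site administrator into visiting it; the phishing page can use an image to insert the CSRF request: When the administrator visits it, the query content is written to the file /tmp/file.txt...
ImageCMS SQL Injection Vulnerability
CVE ID: CVE-2012-6290 ImageCMS is a content management system. ImageCMS has a cross-site request forgery vulnerability that allows a remote attacker to construct a malicious URI and lure a user into opening it, so that malicious actions are performed in the context of the target user. Because the "q" HTTP GET parameter passed to "/admin/adminsearch/" is not properly filtered, an attacker can exploit the vulnerability to execute arbitrary SQL code in the application database. 0 ImageCMS 4.0.0b ImageCMS 4.2 has fixed this vulnerability; users are advised to download the update: http://forum.imagecms.net/viewtopic.php?id=1436...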
CVE-2012-6290
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/adminsearch/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands...
Sql injection
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/adminsearch/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands...
CVE-2013-7334
Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q parameter, related to CVE-2012-6290...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q parameter, related to CVE-2012-6290...
CVE-2013-7334
Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q parameter, related to CVE-2012-6290...
CVE-2013-7334
ImageCMS before 4.2 is affected by a CSRF vulnerability that can be leveraged to perform SQL injection via the q parameter in admin/admin_search/, enabling remote attackers to execute arbitrary SQL commands after hijacking administrator sessions. This issue is related to CVE-2012-6290. Evidence f...
CVE-2012-6290
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/adminsearch/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands...
CVE-2012-6290
CVE-2012-6290 affects ImageCMS before 4.2. The vulnerability is a SQL injection in the q parameter sent to /admin/admin_search/, caused by insufficient filtration of input. If exploited, remote authenticated administrators could execute arbitrary SQL commands; CSRF could enable remote unauthentic...
SQL Injection Vulnerability in ImageCMS
Advisory ID: HTB23132 Product: ImageCMS Vendor: www.imagecms.net Vulnerable Versions: 4.0.0b and probably prior Tested Version: 4.0.0b Vendor Notification: December 5, 2012 Vendor Patch: January 16, 2013 Public Disclosure: January 23, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
ImageCMS 4.0.0b SQL injection/ CSRF Vulnerabilities
Exploit for php platform in category web applications Product: ImageCMS Vendor: www.imagecms.net Vulnerable Versions: 4.0.0b and probably prior Tested Version: 4.0.0b Vendor Notification: December 5, 2012 Vendor Patch: January 16, 2013 Public Disclosure: January 23, 2013 Vulnerability Type: SQL...
ImageCMS 4.0.0b - Multiple Vulnerabilities
ImageCMS 4.0.0b - Multiple Vulnerabilities Advisory ID: HTB23132 Product: ImageCMS Vendor: www.imagecms.net Vulnerable Versions: 4.0.0b and probably prior Tested Version: 4.0.0b Vendor Notification: December 5, 2012 Vendor Patch: January 16, 2013 Public Disclosure: January 23, 2013 Vulnerability...
ImageCMS 4.0.0b - Multiple Vulnerabilities
Advisory ID: HTB23132 Product: ImageCMS Vendor: www.imagecms.net Vulnerable Versions: 4.0.0b and probably prior Tested Version: 4.0.0b Vendor Notification: December 5, 2012 Vendor Patch: January 16, 2013 Public Disclosure: January 23, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
ImageCMS 4.0.0b SQL Injection
Advisory ID: HTB23132 Product: ImageCMS Vendor: www.imagecms.net Vulnerable Versions: 4.0.0b and probably prior Tested Version: 4.0.0b Vendor Notification: December 5, 2012 Vendor Patch: January 16, 2013 Public Disclosure: January 23, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
SQL Injection Vulnerability in ImageCMS
High-Tech Bridge Security Research Lab discovered vulnerability in ImageCMS, which can be exploited to perform SQL injection attacks. 1 SQL injection vulnerability in ImageCMS: CVE-2012-6290 The vulnerability exists due to insufficient filtration of the "q" HTTP GET parameter passed to...