15 matches found
EUVD-2013-2652
Malware in sbrugna...
EUVD-2013-2651
Malware in sbrugna...
CVE-2013-2712
Cross-site scripting XSS vulnerability in services/getarticle.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter...
CVE-2013-2713
Cross-site request forgery CSRF vulnerability in usersmaint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in usersmaint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request...
Cross site scripting
Cross-site scripting XSS vulnerability in services/getarticle.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter...
CVE-2013-2713
KrisonAV CMS 3.0.1 (and likely earlier) is affected by a CSRF vulnerability in users_maint.html that allows an attacker to create a new administrator account via a crafted request. The root cause is insufficient verification of the HTTP request origin, enabling an unauthorized user to hijack admi...
CVE-2013-2713
Cross-site request forgery CSRF vulnerability in usersmaint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request...
CVE-2013-2712
Cross-site scripting XSS vulnerability in services/getarticle.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter...
CVE-2013-2712
KrisonAV CMS is affected by CVE-2013-2712 (XSS) in the /services/get_article.php endpoint, where user-supplied data passed via the content parameter can execute arbitrary script/HTML in a victim user’s browser. The vulnerability affects KrisonAV CMS prior to version 3.0.2 and arises from insuffic...
Multiple Vulnerabilities in KrisonAV CMS
Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79,...
KrisonAV CMS 3.0.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications Advisory Details: High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in KrisonAV CMS, which can be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-Site Scripting XSS vulnerabili...
KrisonAV CMS 3.0.1 - Multiple Vulnerabilities
KrisonAV CMS 3.0.1 - Multiple Vulnerabilities Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013...
KrisonAV CMS 3.0.1 CSRF / Cross Site Scripting
Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79,...
Multiple Vulnerabilities in KrisonAV CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in KrisonAV CMS, which can be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-Site Scripting XSS vulnerability in KrisonAV CMS: CVE-2013-2712 The vulnerability exists due to...