586 matches found
Frog CMS 0.9.5 - Arbitrary File Upload
Frog CMS 0.9.5 - Arbitrary File Upload Exploit Title: Arbitrary File Upload in Frog CMS 0.9.5 Date : 2014-07-07 Exploit Author : Javid Hussain Vendor Homepage : http://www.madebyfrog.com Exploit-DB Note: All authenticated users can upload files. If the file does not have execute permissions the C...
CVE-2013-7319
CVE-2013-7319 concerns the WordPress Download Manager plugin prior to version 2.5.9. The vulnerability is a cross-site scripting (XSS) flaw in the title field, where user-supplied input can be injected as script/HTML and executed in the context of the affected site. The issue arises from insuffic...
CVE-2012-6628
Multiple cross-site scripting XSS vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 xyzemcampName to admin/createcampaign.php or 2 admin/editcampaign.php, 3 xyzememail parameter to admin/editemail.ph...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change an email address or 2 conduct script insertion attacks. NOTE: the provenance o...
CVE-2012-6628
CVE-2012-6628 reports multiple cross-site scripting (XSS) vulnerabilities in the WordPress Newsletter Manager plugin before 1.0.2. The issue allows remote attackers to inject arbitrary script/HTML via one of five vectors: (1) xyz_em_campName to admin/create_campaign.php, (2) xyz_em_campName to ad...
Getsimple CMS Items Manager Plugin - PHP.php Arbitrary File Upload
Getsimple CMS Items Manager Plugin - PHP.php Arbitrary File Upload source: https://www.securityfocus.com/bid/54255/info Items Manager Plugin for GetSimple CMS is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately...
WordPress HTML5 AV Manager Plugin 'custom.php' Arbitrary File Upload Vulnerability
WordPress HTML5 AV Manager Plugin is prone to a file upload vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress Plugin Front File Manager 0.1 - Arbitrary File Upload
WordPress Plugin Front File Manager 0.1 - Arbitrary File Upload Exploit Title: Wordpress front file manager 0.1 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/front-file-manager/ Date: 07/06/2012 Exploit Author: Adrien Thierry adrien dot thierryfr at gmail dot com Vendor Homepage:...
WordPress Asset Manager Plugin 0.2 'upload.php' Arbitrary File Upload Vulnerability - Active Check
WordPress Asset Manager Plugin is prone to a file upload vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities
Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities Date: Sun 11 Jul 2010 10:22:48 AM EEST Vendor: http://www.madebyfrog.com/ Download: http://www.madebyfrog.com/public/download/files/frog095.tar.gz --- -= CSRF PoC 1 - Create Admin User =- Frog CMS 0.9.5 Multiple CSRF...
DokuWiki Multiple CSRF Vulnerabilities
Dokuwiki is prone to multiple Cross Site Scripting vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2010-0287
Directory traversal vulnerability in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. dot dot in the ns parameter...
CVE-2010-0288
A typo in the administrator permission check in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown...
CVE-2010-0287
Directory traversal vulnerability in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. dot dot in the ns parameter...
CVE-2010-0289
Multiple cross-site request forgery CSRF vulnerabilities in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown...
CVE-2010-0288
A typo in the administrator permission check in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010...
UBUNTU-CVE-2010-0288
A typo in the administrator permission check in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010...
DEBIAN-CVE-2010-0289
Multiple cross-site request forgery CSRF vulnerabilities in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown...
DEBIAN-CVE-2010-0287
Directory traversal vulnerability in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. dot dot in the ns parameter...