MC Content Manager 10.1.1 Cross Site Scripting

Hello list! I want to warn you about Cross-Site Scripting, Abuse of Functionality and Insufficient Anti-automation vulnerabilities in MC Content Manager. It's Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are potentially all versions o...

XSS, AoF и IAA уязвимости в MC Content Manager

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting уязвимостях в системе MC Content Manager. Это украинская коммерческая CMS. XSS WASC-08: Уязвимости на страницах регистрации и восстановления пароля. http://websecurity.com.ua/uploads/2011/MC20Content20Manager20XSS.html...

Cross-Site Scripting уязвимости в MC Content Manager

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting уязвимостях в системе MC Content Manager. Это украинская коммерческая CMS. XSS WASC-08: POST запрос на странице http://site/ru/cms/search "scriptalertdocument.cookie/script В поле поиска. XSS WASC-08:...

MC Content Manager Cross Site Scripting

Hello list! I want to warn you about Cross-Site Scripting vulnerabilities in MC Content Manager. It's Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are previous versions of MC Content Manager before version v.10.1.1. ---------- Details...

MC Content Manager Path Disclosure / SQL Injection

------------------------- Affected products: ------------------------- Vulnerable are only not the latest versions of MC Content Manager. ---------- Details: ---------- Full path disclosure WASC-13: http://site/article.php?root=a SQL Injection WASC-19:...

Full path disclosure и SQL Injection уязвимости в MC Content Manager

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Full path disclosure и SQL Injection уязвимостях в системе MC Content Manager. Это украинская коммерческая CMS. Full path disclosure WASC-13: http://site/article.php?root=a SQL Injection WASC-19: http://site/article.php?root=-120and20version=4...

xAjax Cross Site Scripting / Path Disclosure

Hello list! I want to warn you about Cross-Site Scripting and Full path disclosure vulnerabilities in xAjax and xajaxjqueryplugin. ------------------------- Affected products: ------------------------- Vulnerable are potentially all versions of xAjax. Vulnerable are all versions of...

Уязвимости в xAjax и xajax_jquery_plugin

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting и Full path disclosure уязвимостях в xAjax и xajaxjqueryplugin. XSS WASC-08: http://site/cms/’;alertdocument.cookie;/ Это DOM Based XSS. Данная уязвимость в частности имеет место в MC Content Manager которая использует xAjax...

Vulnerabilities in MC Content Manager

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting, Brute Force и Full path disclosure уязвимостях в MC Content Manager. Это украинская коммерческая CMS. XSS WASC-08: http://site/cms/’;alertdocument.cookie;/ Brute Force WASC-11: http://site/admin/ Full path disclosure WASC-13:...

MC Content Manager 10.1.1 Cross Site Scripting / Path Disclosure

Hello list! I want to warn you about Cross-Site Scripting, Brute Force and Full path disclosure vulnerabilities in MC Content Manager. It's Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are potentially all versions of MC Content Manage...

Multiple vulnerabilities in MC Content Manager

Hello Bugtraq! I want to warn you about Cross-Site Scripting and SQL Injection vulnerabilities in MC Content Manager. Which I found in this CMS in 2007 and 2009 at the site of SZRU Foreign Intelligence Service of Ukraine - it's Ukrainian special service similar to CIA and MI6 SIS. From 8...

MC Content Manager Cross Site Scripting / SQL Injection

Hello Bugtraq! I want to warn you about Cross-Site Scripting and SQL Injection vulnerabilities in MC Content Manager. Which I found in this CMS in 2007 and 2009 at the site of SZRU Foreign Intelligence Service of Ukraine - it's Ukrainian special service similar to CIA and MI6 SIS. From 8...

MC Content Manager 10.1 - SQL Injection / Cross-Site Scripting

source: https://www.securityfocus.com/bid/41949/info MC Content Manager is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...

MC Content Manager 10.1 - SQL Injection Cross-Site Scripting

MC Content Manager 10.1 - SQL Injection Cross-Site Scripting source: https://www.securityfocus.com/bid/41949/info MC Content Manager is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiti...