72 matches found
Micro CMS 1.0 b1 - Persistent Cross-Site Scripting
Micro CMS 1.0 b1 - Persistent Cross-Site Scripting Title : Micro CMS Persistent Cross-Site Scripting Vulnerability. Author : Veerendra G.G from SecPod Technologies www.secpod.com Vendor : http://www.micro-cms.com/ Advisory : http://secpod.org/blog/?p=135...
Micro CMS 1.0 - 'name' HTML Injection (1)
source: https://www.securityfocus.com/bid/43556/info Micro CMS is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in th...
Micro CMS 1.0 b1 - Persistent Cross-Site Scripting
Title : Micro CMS Persistent Cross-Site Scripting Vulnerability. Author : Veerendra G.G from SecPod Technologies www.secpod.com Vendor : http://www.micro-cms.com/ Advisory : http://secpod.org/blog/?p=135 http://secpod.org/advisories/SECPODMicroCMS.txt Version : Micro CMS 1.0 beta 1 Date :...
Micro CMS 3.5 - SQL Injection Local File Inclusion
Micro CMS 3.5 - SQL Injection Local File Inclusion Micro CMS File inclusion Vuln Micro CMS SQLi login bypass By learn3r hacker from Nepal [email protected] Affected version: v 3.5 or may be lower... File Inclusion Vuln Requires register globals to be on... Vuln file: microcms-inlude.php...
Micro CMS 3.5 - SQL Injection / Local File Inclusion
Micro CMS File inclusion Vuln Micro CMS SQLi login bypass By learn3r hacker from Nepal [email protected] Affected version: v 3.5 or may be lower... File Inclusion Vuln Requires register globals to be on... Vuln file: microcms-inlude.php...
CVE-2008-6614
Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design IBD Micro CMS 3.5 aka 0.3.5 allow remote attackers to execute arbitrary SQL commands via 1 the administratorsusername parameter aka the Username field or 2 the administratorspass parameter aka the Password fie...
CVE-2008-6614
CVE-2008-6614 affects Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5). The vulnerability arises in microcms-admin-login.php where remote attackers can inject SQL through (1) administrators_username or (2) administrators_pass, enabling arbitrary SQL execution. The reports consistently describe m...
CVE-2008-6614
Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design IBD Micro CMS 3.5 aka 0.3.5 allow remote attackers to execute arbitrary SQL commands via 1 the administratorsusername parameter aka the Username field or 2 the administratorspass parameter aka the Password fie...
Authentication flaw
microcms-admin-home.php in Implied by Design Micro CMS Micro-CMS 3.5 aka 0.3.5 does not require authentication as an administrator, which allows remote attackers to 1 create administrative accounts via an addadmin action, 2 remove administrative accounts via a deleteadmin action, and 3 modify...
CVE-2008-6553
CVE-2008-6553 affects Implied by Design Micro CMS (Micro-CMS) version 3.5 (aka 0.3.5). The vulnerability arises because microcms-admin-home.php does not require administrator authentication, enabling remote attackers to perform administrative actions: add_admin (create admins), delete_admin (remo...
CVE-2008-6553
microcms-admin-home.php in Implied by Design Micro CMS Micro-CMS 3.5 aka 0.3.5 does not require authentication as an administrator, which allows remote attackers to 1 create administrative accounts via an addadmin action, 2 remove administrative accounts via a deleteadmin action, and 3 modify...
Micro CMS <= 0.3.5 Remote (Add/Delete/Password Change) Exploit
No description provided by source. !/usr/bin/perl -------------------------------------------------------------- Micro CMS = 0.3.5 Remote Add/Delete/Password Change Exploit StAkeRathotmaildotit http://www.impliedbydesign.com/apps/microcms/microcms.zip...
Micro CMS <= 0.3.5 Remote (Add/Delete/Password Change) Exploit
Exploit for unknown platform in category web applications ============================================================== Micro CMS ; ifdefined $admin print STDOUT deladmin$admin; exit; else print STDOUT "+ Not Defined!\n"; exit; if$tell = /change/i print STDOUT "+ Admin ID : "; chomp$admin = ;...
Micro CMS 0.3.5 - Remote AddDeletePassword Change
Micro CMS 0.3.5 - Remote AddDeletePassword Change !/usr/bin/perl -------------------------------------------------------------- Micro CMS ; ifdefined $admin print STDOUT deladmin$admin; exit; else print STDOUT "+ Not Defined!\n"; exit; if$tell = /change/i print STDOUT "+ Admin ID : "; chomp$admin...
Micro CMS 0.3.5 - Remote Add/Delete/Password Change
!/usr/bin/perl -------------------------------------------------------------- Micro CMS ; ifdefined $admin print STDOUT deladmin$admin; exit; else print STDOUT "+ Not Defined!\n"; exit; if$tell = /change/i print STDOUT "+ Admin ID : "; chomp$admin = ; print STDOUT "+ New Password: "; chomp$passwd...
ibdmicro-sql.txt
01010111 01001001 01010010 01000101 01000100 01010011 - 01000101 01000011 01010101 01010010 01001001 01010100 - 01011001 ADVISORY: IBD MICRO CMS 3.5 SQL INJECTION LOGIN BYPASS || 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION || 0x04: RISK LEVEL || 0x00: ABOUT ME...
CVE-2007-4602
SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS Micro-CMS 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Sql injection
SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS Micro-CMS 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2007-4602
The CVE-2007-4602 entry concerns Implied by Design Micro CMS (Micro-CMS) 3.5. The vulnerability is a SQL injection in cms/revert-content.php exploitable via the id parameter, allowing remote attackers to potentially execute arbitrary SQL commands. Root cause identified as improper handling of inp...
CVE-2007-4602
SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS Micro-CMS 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...