Lucene search
+L

1377 matches found

NVD
NVD
added 2015/01/03 10:59 p.m.39 views

CVE-2014-9464

SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parentid variable...

7.5CVSS8.2AI score0.02082EPSS
Exploits5References2
Cvelist
Cvelist
added 2015/01/03 10:0 p.m.43 views

CVE-2014-9464

SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parentid variable...

8.2AI score0.02082EPSS
Exploits5References2
CVE
CVE
added 2015/01/03 10:0 p.m.61 views

CVE-2014-9464

CVE-2014-9464 describes a SQL injection in Microweber CMS 0.95 (before 20141209) via the category parameter in Category.php, related to the $parent_id variable. The root cause is unsafe SQL construction in get_children, enabling remote attackers to execute arbitrary SQL commands. Public disclosur...

7.5CVSS8.4AI score0.02082EPSS
Exploits5References2Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Microweber 0.905 - Error Based SQL Injection

No description provided by source. =============================================================================== | | / / / / / / // / / -/ - / // / / / / // / ////,//////,// ///, / // team PUBLIC SECURITY ADVISORY | |...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

Microweber CMS 0.93 - CSRF Vulnerability

No description provided by source. Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC where attacker can u...

7.1AI score
Exploits0
NVD
NVD
added 2014/05/12 2:55 p.m.36 views

CVE-2013-5984

Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. dot dot in the file parameter...

6.4CVSS6.6AI score0.02823EPSS
Exploits2References3
Cvelist
Cvelist
added 2014/05/12 2:0 p.m.39 views

CVE-2013-5984

Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. dot dot in the file parameter...

6.6AI score0.02823EPSS
Exploits2References3
CVE
CVE
added 2014/05/12 2:0 p.m.57 views

CVE-2013-5984

Microweber is vulnerable to CVE-2013-5984 due to improper access control in /userfiles/modules/admin/backup/delete.php. An unauthenticated remote attacker can delete arbitrary files by manipulating the file parameter (directory traversal). The advisory notes that this can lead to system compromis...

6.4CVSS6.8AI score0.02823EPSS
Exploits2References3Affected Software1
0day.today
0day.today
added 2014/04/13 12:0 a.m.18 views

Microweber CMS 0.93 - CSRF Vulnerability

Exploit for php platform in category web applications Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2014/04/13 12:0 a.m.20 views

Microweber CMS 0.93 - Cross-Site Request Forgery

Microweber CMS 0.93 - Cross-Site Request Forgery Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC where...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2014/04/13 12:0 a.m.15 views

Microweber CMS 0.93 - Cross-Site Request Forgery

Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC where attacker can use this vulnerability to create new...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.130 views

Remote Code Execution in Microweber

Advisory ID: HTB23175 Product: Microweber Vendor: Microweber Vulnerable Versions: 0.8 and probably prior Tested Version: 0.8 Advisory Publication: September 25, 2013 without technical details Vendor Notification: September 25, 2013 Vendor Patch: September 26, 2013 Public Disclosure: October 16,...

6.4CVSS0.3AI score0.02823EPSS
Exploits2
exploitpack
exploitpack
added 2013/11/07 12:0 a.m.15 views

Microweber 0.905 - Error-Based SQL Injection

Microweber 0.905 - Error-Based SQL Injection =============================================================================== | | / / / / / / // / / -/ - / // / / / / // / ////,//////,// ///, / // team PUBLIC SECURITY ADVISORY | |...

8.6AI score
Exploits0
Exploit DB
Exploit DB
added 2013/11/07 12:0 a.m.24 views

Microweber 0.905 - Error-Based SQL Injection

=============================================================================== | | / / / / / / // / / -/ - / // / / / / // / ////,//////,// ///, / // team PUBLIC SECURITY ADVISORY | | =============================================================================== TITLE ===== Microweber...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2013/11/06 12:0 a.m.18 views

Microweber 0.905 SQL Injection

=============================================================================== | | / / / / / / // / / -/ - / // / / / / // / ////,//////,// ///, / // team PUBLIC SECURITY ADVISORY | | =============================================================================== TITLE ===== Microweber...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2013/10/17 12:0 a.m.58 views

Microweber 0.8 Arbitrary File Deletion

Advisory ID: HTB23175 Product: Microweber Vendor: Microweber Vulnerable Versions: 0.8 and probably prior Tested Version: 0.8 Advisory Publication: September 25, 2013 without technical details Vendor Notification: September 25, 2013 Vendor Patch: September 26, 2013 Public Disclosure: October 16,...

6.4CVSS0.02823EPSS
Exploits2
htbridge
htbridge
added 2013/09/25 12:0 a.m.44 views

Remote Code Execution in Microweber

High-Tech Bridge Security Research Lab discovered vulnerability in Microweber, which can be exploited to delete arbitrary files and compromise vulnerable system as a consequence. 1 Improper Access Control in Microweber: CVE-2013-5984 Vulnerability exists due to improper access restriction to...

10CVSS7.3AI score0.02823EPSS
Exploits2Affected Software1
Rows per page
Query Builder