38 matches found
EUVD-2010-3908
Malware in sbrugna...
EUVD-2010-1455
Malware in sbrugna...
EUVD-2011-0753
Malware in sbrugna...
EUVD-2010-3907
Malware in sbrugna...
EUVD-2010-1454
Malware in sbrugna...
Evolution 1.1 and Prior Remote Execution
Product: MODX Evolution Risk: Very High Severity: Critical Versions: =1.1 Vulnerability Type: Remote Code Execution Report Date: 2016-November-08 Fixed Date: 2016-November-12 Description The following components distributed with all versions of MODX Evolution and 0.9.x contain a vulnerability, th...
Important Update to AjaxSearch Exploit in Evo 1.0.13 (and prior)
Last week we announced an exploit found in AjaxSearch that could allow a Remote Code Execution in MODX Evolution. We originally suggested the removal of the index-ajax.php file was a sufficient method to protect your site from vulnerability. It has come to our attention that this was not correct...
MODX Evolution 1.0.13 (and prior) AjaxSearch Vulnerability
Product: MODX Evolution Risk: Very High Severity: Critical Versions: =1.0.13 Vulnerabilty Type: Remote Code Execution Report Date: 2014-May-29 Fixed Date: 2014-June-5 Description The AjaxSearch component distributed with all versions of MODX Evolution and 0.9.x contains a vulnerability that allow...
MODX Evolution 1.0.7 (and prior) ForgotManager plugin Vulnerability
Product: MODX Evolution Risk: Very High Severity: Critical Versions: 1.0.7 Vulnerabilty Type: Permissions, Privileges, and Access Control; Input Validation; SQL Injection Report Date: 2013-Jan-4 Fixed Date: 2013-Jan-8 Description The Forgot Manager Login plugin distributed with all versions of MO...
MODX Evolution 1.0.6 (and prior) Unauthorized Manager Access
Product: MODX Evolution Risk: Very High Severity: Critical Versions: 1.0.6 and all previous releases Vulnerabilty Type: Permissions, Privileges, and Access Control; Input Validation; SQL Injection Report Date: 2012-Nov-26 Fixed Date: 2012-Nov-26 Description The Forgot Manager Login plugin...
MODX Evolution 1.0.5 (and prior) Remote Script Execution Vulnerability
Product: MODX Evolution Risk: Very High Severity: Critical Versions: 1.0.5 and all previous releases Vunerability type: Remote Script Execution Report Date: 2012-Feb-16 Fixed Date: 2012-Feb-20 Description A vigilant community member sent us a security notice to let us know that he found a securit...
CVE-2011-0741
Multiple cross-site scripting XSS vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the 1 installer or 2 image editor...
CVE-2010-3929
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch...
CVE-2010-3930
Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427...
Sql injection
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the 1 installer or 2 image editor...
Directory traversal
Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427...
CVE-2010-3929
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch...
CVE-2011-0741
CVE-2011-0741: ModX Evolution versions prior to 1.0.5 are affected by multiple cross-site scripting (XSS) vulnerabilities exploitable via the installer or image editor. Remote attackers can inject arbitrary web script or HTML. The CVE entry describes the issue and impact as XSS with partial integ...
CVE-2010-3930
The CVE-2010-3930 issue affects MODx Evolution 1.0.4 and earlier, described as a directory traversal vulnerability related to AjaxSearch. Connected sources confirm a vulnerable component: the ucfg parameter handling in assets/snippets/ajaxSearch/ajaxSearchPopup.php allows a remote attacker to rea...