336 matches found
CVE-2010-4883
The CVE-2010-4883 issue affects MODx Revolution 2.0.2-pl (MODx
MODx Revolution 2.0.8-pl Cross Site Request Forgery
Exploit Title: MODx Revolution 2.0.8-pl CMS XSRF Vulnerability Add new user + Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + Category : Web Apps XSRF + Demo Link : http://www.cmsagora.com/demo.php?id=50&type=2 + Demo Login: Username: admin Password: demo123...
MODx Revolution 2.0.8-pl CMS XSRF Vulnerability (Add new user)
Exploit for php platform in category web applications + Exploit Title: MODx Revolution 2.0.8-pl CMS XSRF Vulnerability Add new user + Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + Category : Web Apps XSRF + Demo Link : http://www.cmsagora.com/demo.php?id=50&type=2 + Demo Login: Username:...
MODx Evo 1.0.4 (and prior) SQL Injection and Directory Traversal Vulnerabilities
Status: Solved Product: MODx Evolution Severity: High Versions: 1.0.4 and prior Advisory Date: 2011-01-26 Fixed Date: 2011-01-19 Impact: (a) A remote attacker may access or view arbitrary files on the server. (b) A remote attacker may execute arbitrary PHP code as a result of SQL injection. Descripti...
Critical PHP Bug Security Notice and Patch
Earlier this week, a PHP Security Notice was made due to a critical bug in PHP that could cause PHP to fail should a value of 2.2250738585072011e-308 be set to a PHP value. More information can be found here: http://bugs.php.net/bug.php?id=53632...
Critical Security Upgrade Notice for FormIt, Quip and Login
We received a report of a potential vulnerability in FormIt, Quip and Login that could be used to expose system settings including database information. This has been corrected and new versions have been posted. Upgrading of FormIt, Login and Quip to the latest versions via Package Manager...
MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability
Exploit for php platform in category web applications. MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability. getObject('modUser',array( 30: 'use...
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting
getObject('modUser',array( 30: 'username' => $_POST['username'], 31: )); ... 71: else if (!empty($_POST['forgotlogin'])) 72: $c = $modx->newQuery('modUser'); 73: $c->select(array('modUser.*','Profile.email','Profile.fullname')); 74: $c->innerJoin('modUserProfile','...
MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability
Summary MODx Revolution is a powerful PHP Content Management Framework that plays nicely with custom code and helps you build sites faster and maintain them with ease. With Revolution you'll leverage the best things to come around since MVC and Active Record. Description The MODx Revolution CMS...
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting getObject('modUser',array( 30: 'username' => $_POST['username'], 31: )); ... 71: else if (!empty($_POST['forgotlogin'])) 72: $c = $modx->newQuery('modUser'); 73: $c->select(array('modUser.*','Profile.email','Profile.fullname')); 74: $...
MODx Revolution CMS Cross Site Scripting
getObject('modUser',array( 30: 'username' => $_POST['username'], 31: )); ... 71: else if (!empty($_POST['forgotlogin'])) 72: $c = $modx->newQuery('modUser'); 73: $c->select(array('modUser.*','Profile.email','Profile.fullname')); 74: $c->innerJoin('modUserProfile','Profile'); 75: $c->where(array( 76: '...
phpThumb Command-Injection Vulnerability
It has recently come to our attention that phpThumb (all versions) contains an unpatched vulnerability. The application is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input to the 'fltr' parameter in the 'phpThumb.php' script. Attackers can explo...
MODx Revolution 2.0.3 Addresses Pair of Vulnerabilities
The MODx Revolution 2.0.3 release addresses a pair of reported security vulnerabilities with MODx Revolution 2.0.2-pl and possibly earlier releases: Input passed via the "modhash" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the...
MODx Revolution 2.0.2-pl Local File Inclusion
Software: MODx Revolution 2.0.2-pl; Vulnerability: Local File Inclusion; Download: http://modxcms.com; Release Date: 9/28/2010; Tested On: Windows Vista + XAMPP...
MODx Revolution 2.0.2-pl Cross Site Scripting
Software: MODx Revolution 2.0.2-pl; Vulnerability: Reflected Cross-site Scripting; Download: http://modxcms.com; Release Date: 9/28/2010; Tested On: Windows Vista + XAM...
MODx Revolution 2.0.2-pl Cross Site Request Forgery