53 matches found
CVE-2007-1132
Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields...
CVE-2007-1129
Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action...
CVE-2007-1129
CVE-2007-1129 affects MTCMS 3.2, with multiple unrestricted file upload vulnerabilities that allow remote attackers to upload and execute files via (1) avatar upload in an add_down action or (2) an add_link action. The root cause/precise vulnerable component is not detailed beyond the two upload ...
CVE-2007-1132
CVE-2007-1132 pertains to multiple XSS vulnerabilities in the MTCMS 2.2 "Contact Us" feature, affecting the (1) message and (2) title fields. The root cause is not explicitly detailed in the provided documents beyond the XSS existence; no payloads, environment constraints, or affected subversions...
MTCMS multiple upload vulnerabilities
avatar upload vulnerability: upload any kind of file in: site.com/MTCMS-V2.2/?a=gallery&b=adddown and approved or not it will be here : /uploads/pictures/ same thing for : add link /index.php?a=links&b=addlink xss permanent on Contact Us : message & title fields are vulnerable to an xss attack...
CVE-2006-6796
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter...
CVE-2006-6796
CVE-2006-6796 is a PHP remote file inclusion vulnerability in MTCMS 2.0 and earlier. The flaw exists in admin/admin_settings.php where an attacker can supply a URL in the ins_file parameter to trigger inclusion of arbitrary PHP code, potentially leading to remote code execution. Affected product/...
MTCMS <= 2.0 (admin/admin_settings.php) Remote File Include Exploit
No description provided by source. #!/usr/bin/perl +------------------------------------------------------------------------------------------- + MTCMS <= 2.0 (admin/admin_settings.php) Remote File Include Exploit...
MTCMS <= 2.0 (admin/admin_settings.php) Remote File Include Exploit
Exploit for unknown platform in category web applications =================================================================== MTCMS \n"; print "-h, --host\ttarget host\texample.com\n"; print "-f, --file\tremote file\thttp://evilsite.com/shell.php\n"; print "-d, --dir\tinstall dir\t/mtcms\n"; exit...
MTCMS 2.0 - admin/admin_settings.php Remote File Inclusion
MTCMS 2.0 - admin/admin_settings.php Remote File Inclusion #!/usr/bin/perl +------------------------------------------------------------------------------------------- + MTCMS + Requirements.......: register_globals = on...
MTCMS 2.0 - '/admin/admin_settings.php' Remote File Inclusion
#!/usr/bin/perl +------------------------------------------------------------------------------------------- + MTCMS + Requirements.......: register_globals = on +------------------------------------------------------------------------------------------- use Getopt::Long; use URI::Escape; use...