27 matches found
EUVD-2008-4162
Malware in sbrugna...
EUVD-2008-4145
Malware in sbrugna...
EUVD-2008-4163
Malware in sbrugna...
NooMS 1.1 - smileys.php page_id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/31131/info NooMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browse...
NooMS 1.1 - search.php q Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/31131/info NooMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browse...
NooMS CMS 1.1.1 - CSRF
No description provided by source. NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this morning so figured I'd tr...
NooMS CMS version 1.1.1 CSRF
Exploit for php platform in category web applications NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this mornin...
NooMS CMS 1.1.1 Cross Site Request Forgery
NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this morning so figured I'd try to see how fast it would take me ...
Nooms CMS 1.1.1 - Cross-Site Request Forgery
NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this morning so figured I'd try to see how fast it would take me ...
Nooms CMS 1.1.1 - Cross-Site Request Forgery
Nooms CMS 1.1.1 - Cross-Site Request Forgery NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this morning so...
CVE-2008-4180
Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the gdbuser parameter and a password in the gdbpwd parameter, and possibly a "localhost" gdbhost parameter value, related to a "Mysql Remote Brute Force...
CVE-2008-4179
Multiple cross-site scripting XSS vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 pageid parameter to smileys.php and the 2 q parameter to search.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 pageid parameter to smileys.php and the 2 q parameter to search.php...
Remote file inclusion
Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the gdbuser parameter and a password in the gdbpwd parameter, and possibly a "localhost" gdbhost parameter value, related to a "Mysql Remote Brute Force...
CVE-2008-4179
NooMS 1.1 is affected by CVE-2008-4179 through two reflected XSS vectors: in smileys.php via the page_id parameter and in search.php via the q parameter. The connected records confirm the vulnerability class (XSS) and the affected components, but do not provide explicit patch versions, remediatio...
CVE-2008-4180
Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the gdbuser parameter and a password in the gdbpwd parameter, and possibly a "localhost" gdbhost parameter value, related to a "Mysql Remote Brute Force...
CVE-2008-4179
Multiple cross-site scripting XSS vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 pageid parameter to smileys.php and the 2 q parameter to search.php...
CVE-2008-4180
The CVE-2008-4180 entry concerns NooMS 1.1, where a vulnerability in db.php could allow remote brute-force attempts against database passwords using g_dbuser and g_dbpwd parameters, and possibly a localhost value for g_dbhost. The connected sources corroborate an unspecified vulnerability enablin...
CVE-2008-4162
Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the gsiteurl parameter...
Open redirect
Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the gsiteurl parameter...