75 matches found
OneCMS 2.6.1 - search SQL Injection
OneCMS 2.6.1 - search SQL Injection source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...
OneCMS 2.6.1 - short1 Cross-Site Scripting
OneCMS 2.6.1 - short1 Cross-Site Scripting source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-base...
OneCMS 2.6.1 - 'short1' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how t...
OneCMS 2.6.1 - 'cat' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how t...
OneCMS 2.6.1 - 'search' SQL Injection
source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how t...
Multiple Vulnerabilities in OneCMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OneCMS which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting XSS vulnerabilities in OneCMS The vulnerability exists due to input sanitation error in the "cat"...
CVE-2010-0952
SQL injection vulnerability in index.php in OneCMS 2.5, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action...
Sql injection
SQL injection vulnerability in index.php in OneCMS 2.5, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action...
CVE-2010-0952
SQL injection vulnerability in index.php in OneCMS 2.5, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action...
CVE-2010-0952
CVE-2010-0952 is a SQL injection vulnerability in OneCMS 2.5, triggered when magic_quotes_gpc is disabled. The flaw resides in index.php and allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action. The CVSS base score is 6.8 (Medium) with Network attack...
ONECMS 2.5 SQL Injection
Exploit Title: ONECMS v2.5 SQL INJECTION Date: 05.03.2010 Author: Ctacok and .:melkiy:. Software Link: http://sourceforge.net/projects/onecms/ Version: 2.5 Tested on: Ubuntu 9.10 Apache2+PHP5 !/usr/bin/perl use LWP::Simple; print "\n"; print "\n"; print " ONECMS v2.5 SQL INJECTION \n"; print " Bu...
OneCMS 2.5 - SQL Injection
OneCMS 2.5 - SQL Injection Exploit Title: ONECMS v2.5 SQL INJECTION Date: 05.03.2010 Author: Ctacok and .:melkiy:. Software Link: http://sourceforge.net/projects/onecms/ Version: 2.5 Tested on: Ubuntu 9.10 Apache2+PHP5 !/usr/bin/perl use LWP::Simple; print "\n"; print "\n"; print " ONECMS v2.5 SQ...
OneCMS 2.5 - SQL Injection
Exploit Title: ONECMS v2.5 SQL INJECTION Date: 05.03.2010 Author: Ctacok and .:melkiy:. Software Link: http://sourceforge.net/projects/onecms/ Version: 2.5 Tested on: Ubuntu 9.10 Apache2+PHP5 !/usr/bin/perl use LWP::Simple; print "\n"; print "\n"; print " ONECMS v2.5 SQL INJECTION \n"; print " Bu...
ONECMS v2.5 SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================= ONECMS v2.5 SQL Injection Vulnerability ======================================= Exploit Title: ONECMS v2.5 SQL INJECTION Date: 05.03.2010 Author: Ctacok and .:melkiy:. Software Link:...
Sql injection
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the 1 username parameter $usernameb variable to alogin.php or 2 user parameter to staff.php...
Unrestricted file upload
Unrestricted file upload vulnerability in the add2 action in aupload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request ...
CVE-2008-7208
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the 1 username parameter $usernameb variable to alogin.php or 2 user parameter to staff.php...
CVE-2008-7209
Unrestricted file upload vulnerability in the add2 action in aupload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request ...
CVE-2008-7208
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the 1 username parameter $usernameb variable to alogin.php or 2 user parameter to staff.php...
CVE-2008-7208
CVE-2008-7208 affects OneCMS 2.4 (and possibly earlier). The issue comprises multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via the parameter (1) username (variable $usernameb) to a_login.php or (2) user parameter to staff.php. The described r...