Lucene search
K

75 matches found

exploitpack
exploitpack
added 2010/06/24 12:0 a.m.14 views

OneCMS 2.6.1 - search SQL Injection

OneCMS 2.6.1 - search SQL Injection source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2010/06/24 12:0 a.m.12 views

OneCMS 2.6.1 - short1 Cross-Site Scripting

OneCMS 2.6.1 - short1 Cross-Site Scripting source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-base...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2010/06/24 12:0 a.m.23 views

OneCMS 2.6.1 - 'short1' Cross-Site Scripting

source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/06/24 12:0 a.m.23 views

OneCMS 2.6.1 - 'cat' Cross-Site Scripting

source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how t...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/06/24 12:0 a.m.34 views

OneCMS 2.6.1 - 'search' SQL Injection

source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how t...

7.4AI score
Exploits0
htbridge
htbridge
added 2010/06/10 12:0 a.m.51 views

Multiple Vulnerabilities in OneCMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OneCMS which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting XSS vulnerabilities in OneCMS The vulnerability exists due to input sanitation error in the "cat"...

7.5CVSS7.5AI score
Exploits0Affected Software1
NVD
NVD
added 2010/03/10 8:14 p.m.19 views

CVE-2010-0952

SQL injection vulnerability in index.php in OneCMS 2.5, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action...

6.8CVSS8.3AI score0.0095EPSS
Exploits1References5
Prion
Prion
added 2010/03/10 8:14 p.m.10 views

Sql injection

SQL injection vulnerability in index.php in OneCMS 2.5, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action...

6.8CVSS9.1AI score0.0095EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2010/03/09 8:0 p.m.20 views

CVE-2010-0952

SQL injection vulnerability in index.php in OneCMS 2.5, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action...

8.3AI score0.0095EPSS
Exploits1References5
CVE
CVE
added 2010/03/09 8:0 p.m.47 views

CVE-2010-0952

CVE-2010-0952 is a SQL injection vulnerability in OneCMS 2.5, triggered when magic_quotes_gpc is disabled. The flaw resides in index.php and allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action. The CVSS base score is 6.8 (Medium) with Network attack...

6.8CVSS8.7AI score0.0095EPSS
Exploits1References5Affected Software1
Packet Storm
Packet Storm
added 2010/03/05 12:0 a.m.41 views

ONECMS 2.5 SQL Injection

Exploit Title: ONECMS v2.5 SQL INJECTION Date: 05.03.2010 Author: Ctacok and .:melkiy:. Software Link: http://sourceforge.net/projects/onecms/ Version: 2.5 Tested on: Ubuntu 9.10 Apache2+PHP5 !/usr/bin/perl use LWP::Simple; print "\n"; print "\n"; print " ONECMS v2.5 SQL INJECTION \n"; print " Bu...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2010/03/05 12:0 a.m.13 views

OneCMS 2.5 - SQL Injection

OneCMS 2.5 - SQL Injection Exploit Title: ONECMS v2.5 SQL INJECTION Date: 05.03.2010 Author: Ctacok and .:melkiy:. Software Link: http://sourceforge.net/projects/onecms/ Version: 2.5 Tested on: Ubuntu 9.10 Apache2+PHP5 !/usr/bin/perl use LWP::Simple; print "\n"; print "\n"; print " ONECMS v2.5 SQ...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/03/05 12:0 a.m.34 views

OneCMS 2.5 - SQL Injection

Exploit Title: ONECMS v2.5 SQL INJECTION Date: 05.03.2010 Author: Ctacok and .:melkiy:. Software Link: http://sourceforge.net/projects/onecms/ Version: 2.5 Tested on: Ubuntu 9.10 Apache2+PHP5 !/usr/bin/perl use LWP::Simple; print "\n"; print "\n"; print " ONECMS v2.5 SQL INJECTION \n"; print " Bu...

7AI score
Exploits0
0day.today
0day.today
added 2010/03/05 12:0 a.m.18 views

ONECMS v2.5 SQL Injection Vulnerability

Exploit for unknown platform in category web applications ======================================= ONECMS v2.5 SQL Injection Vulnerability ======================================= Exploit Title: ONECMS v2.5 SQL INJECTION Date: 05.03.2010 Author: Ctacok and .:melkiy:. Software Link:...

7.1AI score
Exploits0
Prion
Prion
added 2009/09/11 4:30 p.m.11 views

Sql injection

Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the 1 username parameter $usernameb variable to alogin.php or 2 user parameter to staff.php...

6.8CVSS9.3AI score0.01768EPSS
Exploits1References10Affected Software1
Prion
Prion
added 2009/09/11 4:30 p.m.13 views

Unrestricted file upload

Unrestricted file upload vulnerability in the add2 action in aupload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request ...

7.5CVSS8.4AI score0.06007EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2009/09/11 4:30 p.m.16 views

CVE-2008-7208

Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the 1 username parameter $usernameb variable to alogin.php or 2 user parameter to staff.php...

6.8CVSS8.6AI score0.01768EPSS
Exploits1References10
NVD
NVD
added 2009/09/11 4:30 p.m.18 views

CVE-2008-7209

Unrestricted file upload vulnerability in the add2 action in aupload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request ...

7.5CVSS7.8AI score0.06007EPSS
Exploits1References9
Cvelist
Cvelist
added 2009/09/11 4:0 p.m.17 views

CVE-2008-7208

Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the 1 username parameter $usernameb variable to alogin.php or 2 user parameter to staff.php...

8.6AI score0.01768EPSS
Exploits1References10
CVE
CVE
added 2009/09/11 4:0 p.m.47 views

CVE-2008-7208

CVE-2008-7208 affects OneCMS 2.4 (and possibly earlier). The issue comprises multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via the parameter (1) username (variable $usernameb) to a_login.php or (2) user parameter to staff.php. The described r...

6.8CVSS8.8AI score0.01768EPSS
Exploits1References10Affected Software1
Rows per page
Query Builder