Lucene search
K

75 matches found

CVE
CVE
added 2009/09/11 4:0 p.m.47 views

CVE-2008-7208

CVE-2008-7208 affects OneCMS 2.4 (and possibly earlier). The issue comprises multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via the parameter (1) username (variable $usernameb) to a_login.php or (2) user parameter to staff.php. The described r...

6.8CVSS8.8AI score0.01768EPSS
Exploits1References10Affected Software1
Cvelist
Cvelist
added 2009/09/11 4:0 p.m.19 views

CVE-2008-7209

Unrestricted file upload vulnerability in the add2 action in aupload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request ...

7.8AI score0.06007EPSS
Exploits1References9
NVD
NVD
added 2009/04/07 2:17 p.m.16 views

CVE-2008-6652

SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter...

7.5CVSS8.4AI score0.00967EPSS
Exploits1References3
Prion
Prion
added 2009/04/07 2:17 p.m.12 views

Sql injection

SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter...

7.5CVSS9.1AI score0.00967EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2009/04/07 10:0 a.m.49 views

CVE-2008-6652

The vulnerability CVE-2008-6652 affects OneCMS 2.5, specifically in asd.php where the sitename parameter enables SQL injection. This could allow remote attackers to execute arbitrary SQL commands. The provided documents do not include a remediation or patch details.

7.5CVSS8.7AI score0.00967EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2009/04/07 10:0 a.m.20 views

CVE-2008-6652

SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter...

8.4AI score0.00967EPSS
Exploits1References3
seebug.org
seebug.org
added 2008/05/29 12:0 a.m.30 views

OneCMS load参数本地文件包含漏洞

BUGTRAQ ID: 29374 OneCMS是为网络游戏站点设计的内容管理系统。 OneCMS实现上存在输入验证漏洞,远程攻击者可以通过提交恶意的HTTP请求包含本地资源的任意文件,导致泄露敏感信息。 当act设置为go的时候,OneCMS的installmod.php文件中没有正确过滤对load参数的输入便用于包含文件: $mod = $GET'load'; $filexp = explode".", $mod; $filetype = $filexp1; $file = $filexp0; $file2 = "mods/$mod"; if !isnumeric$mod...

6.7AI score
Exploits0
NVD
NVD
added 2008/05/28 3:32 p.m.16 views

CVE-2008-2482

Directory traversal vulnerability in installmod.php in insanevisions OneCMS 2.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the load parameter in a go action...

7.5CVSS7.1AI score0.02843EPSS
Exploits1References6
Prion
Prion
added 2008/05/28 3:32 p.m.18 views

Directory traversal

Directory traversal vulnerability in installmod.php in insanevisions OneCMS 2.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the load parameter in a go action...

7.5CVSS7.6AI score0.02843EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2008/05/28 3:0 p.m.22 views

CVE-2008-2482

Directory traversal vulnerability in installmod.php in insanevisions OneCMS 2.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the load parameter in a go action...

7.1AI score0.02843EPSS
Exploits1References6
CVE
CVE
added 2008/05/28 3:0 p.m.42 views

CVE-2008-2482

CVE-2008-2482 affects OneCMS 2.5 from insanevisions via a directory traversal in install_mod.php. The load parameter in the go action can be manipulated with .. to include and execute arbitrary local files. The NVD entry lists a CVSSv2 base score of 7.5 (HIGH) with network access, low attack comp...

7.5CVSS7.1AI score0.02843EPSS
Exploits1References6Affected Software1
securityvulns
securityvulns
added 2008/05/24 12:0 a.m.46 views

[DSECRG-08-025] Local File Include in OneCMS 2.5

Digital Security Research Group DSecRG Advisory DSECRG-08-025 Application: OneCMS Versions Affected: 2.5 Vendor URL: http://www.insanevisions.com/ Bug: Local File Include Exploits: YES Reported: 26.03.2008 Vendor Response: NONE Solution: NONE Date of Public Advisory: 23.05.2008 Author: Digital...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2008/05/24 12:0 a.m.39 views

OneCMS 2.5 (install_mod.php) Local File Inclusion Vulnerability

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-034 Application: OneCMS Versions Affected: 2.5 Vendor URL: http://www.insanevisions.com/ Bug: Local File Include Exploits: YES Reported: 26.03.2008 Vendor Response: NONE Solution: NONE Date of Public...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2008/05/23 12:0 a.m.36 views

DSECRG-08-025.txt

Digital Security Research Group DSecRG Advisory DSECRG-08-025 Application: OneCMS Versions Affected: 2.5 Vendor URL: http://www.insanevisions.com/ Bug: Local File Include Exploits: YES Reported: 26.03.2008 Vendor Response: NONE Solution: NONE Date of Public Advisory: 23.05.2008 Author: Digital...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2008/05/23 12:0 a.m.23 views

OneCMS 2.5 - install_mod.php Local File Inclusion

OneCMS 2.5 - installmod.php Local File Inclusion Digital Security Research Group DSecRG Advisory DSECRG-08-034 Application: OneCMS Versions Affected: 2.5 Vendor URL: http://www.insanevisions.com/ Bug: Local File Include Exploits: YES Reported: 26.03.2008 Vendor Response: NONE Solution: NONE Date ...

7.4AI score
Exploits0
0day.today
0day.today
added 2008/05/23 12:0 a.m.30 views

OneCMS 2.5 (install_mod.php) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications =============================================================== OneCMS 2.5 installmod.php Local File Inclusion Vulnerability =============================================================== Digital Security Research Group DSecRG Advisory...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2008/05/23 12:0 a.m.33 views

OneCMS 2.5 - 'install_mod.php' Local File Inclusion

Digital Security Research Group DSecRG Advisory DSECRG-08-034 Application: OneCMS Versions Affected: 2.5 Vendor URL: http://www.insanevisions.com/ Bug: Local File Include Exploits: YES Reported: 26.03.2008 Vendor Response: NONE Solution: NONE Date of Public Advisory: 23.05.2008 Author: Digital...

7.4AI score
Exploits0
0day.today
0day.today
added 2008/05/07 12:0 a.m.12 views

OneCMS 2.5 Remote Blind SQL Injection Exploit

Exploit for unknown platform in category web applications ============================================= OneCMS 2.5 Remote Blind SQL Injection Exploit ============================================= !/usr/bin/perl OneCMS 2.5 Remote Blind SQL Injection Exploit Author : Cod3rZ Usage : perl oc.pl site...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/05/07 12:0 a.m.14 views

OneCMS 2.5 Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl OneCMS 2.5 Remote Blind SQL Injection Exploit Author : Cod3rZ Site : http://cod3rz.helloweb.eu Site : http://devilsnight.altervista.org Usage : perl oc.pl site There's many other bugs, find them yourself use LWP::UserAgent; use...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2008/05/07 12:0 a.m.25 views

OneCMS 2.5 - Blind SQL Injection

!/usr/bin/perl OneCMS 2.5 Remote Blind SQL Injection Exploit Author : Cod3rZ Site : http://cod3rz.helloweb.eu Site : http://devilsnight.altervista.org Usage : perl oc.pl site There's many other bugs, find them yourself use LWP::UserAgent; use HTTP::Request::Common; use Time::HiRes; $ua =...

7AI score
Exploits0
Rows per page
Query Builder