75 matches found
CVE-2008-7208
CVE-2008-7208 affects OneCMS 2.4 (and possibly earlier). The issue comprises multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via the parameter (1) username (variable $usernameb) to a_login.php or (2) user parameter to staff.php. The described r...
CVE-2008-7209
Unrestricted file upload vulnerability in the add2 action in aupload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request ...
CVE-2008-6652
SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter...
Sql injection
SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter...
CVE-2008-6652
The vulnerability CVE-2008-6652 affects OneCMS 2.5, specifically in asd.php where the sitename parameter enables SQL injection. This could allow remote attackers to execute arbitrary SQL commands. The provided documents do not include a remediation or patch details.
CVE-2008-6652
SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter...
OneCMS load参数本地文件包含漏洞
BUGTRAQ ID: 29374 OneCMS是为网络游戏站点设计的内容管理系统。 OneCMS实现上存在输入验证漏洞,远程攻击者可以通过提交恶意的HTTP请求包含本地资源的任意文件,导致泄露敏感信息。 当act设置为go的时候,OneCMS的installmod.php文件中没有正确过滤对load参数的输入便用于包含文件: $mod = $GET'load'; $filexp = explode".", $mod; $filetype = $filexp1; $file = $filexp0; $file2 = "mods/$mod"; if !isnumeric$mod...
CVE-2008-2482
Directory traversal vulnerability in installmod.php in insanevisions OneCMS 2.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the load parameter in a go action...
Directory traversal
Directory traversal vulnerability in installmod.php in insanevisions OneCMS 2.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the load parameter in a go action...
CVE-2008-2482
Directory traversal vulnerability in installmod.php in insanevisions OneCMS 2.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the load parameter in a go action...
CVE-2008-2482
CVE-2008-2482 affects OneCMS 2.5 from insanevisions via a directory traversal in install_mod.php. The load parameter in the go action can be manipulated with .. to include and execute arbitrary local files. The NVD entry lists a CVSSv2 base score of 7.5 (HIGH) with network access, low attack comp...
[DSECRG-08-025] Local File Include in OneCMS 2.5
Digital Security Research Group DSecRG Advisory DSECRG-08-025 Application: OneCMS Versions Affected: 2.5 Vendor URL: http://www.insanevisions.com/ Bug: Local File Include Exploits: YES Reported: 26.03.2008 Vendor Response: NONE Solution: NONE Date of Public Advisory: 23.05.2008 Author: Digital...
OneCMS 2.5 (install_mod.php) Local File Inclusion Vulnerability
No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-034 Application: OneCMS Versions Affected: 2.5 Vendor URL: http://www.insanevisions.com/ Bug: Local File Include Exploits: YES Reported: 26.03.2008 Vendor Response: NONE Solution: NONE Date of Public...
DSECRG-08-025.txt
Digital Security Research Group DSecRG Advisory DSECRG-08-025 Application: OneCMS Versions Affected: 2.5 Vendor URL: http://www.insanevisions.com/ Bug: Local File Include Exploits: YES Reported: 26.03.2008 Vendor Response: NONE Solution: NONE Date of Public Advisory: 23.05.2008 Author: Digital...
OneCMS 2.5 - install_mod.php Local File Inclusion
OneCMS 2.5 - installmod.php Local File Inclusion Digital Security Research Group DSecRG Advisory DSECRG-08-034 Application: OneCMS Versions Affected: 2.5 Vendor URL: http://www.insanevisions.com/ Bug: Local File Include Exploits: YES Reported: 26.03.2008 Vendor Response: NONE Solution: NONE Date ...
OneCMS 2.5 (install_mod.php) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications =============================================================== OneCMS 2.5 installmod.php Local File Inclusion Vulnerability =============================================================== Digital Security Research Group DSecRG Advisory...
OneCMS 2.5 - 'install_mod.php' Local File Inclusion
Digital Security Research Group DSecRG Advisory DSECRG-08-034 Application: OneCMS Versions Affected: 2.5 Vendor URL: http://www.insanevisions.com/ Bug: Local File Include Exploits: YES Reported: 26.03.2008 Vendor Response: NONE Solution: NONE Date of Public Advisory: 23.05.2008 Author: Digital...
OneCMS 2.5 Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================= OneCMS 2.5 Remote Blind SQL Injection Exploit ============================================= !/usr/bin/perl OneCMS 2.5 Remote Blind SQL Injection Exploit Author : Cod3rZ Usage : perl oc.pl site...
OneCMS 2.5 Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl OneCMS 2.5 Remote Blind SQL Injection Exploit Author : Cod3rZ Site : http://cod3rz.helloweb.eu Site : http://devilsnight.altervista.org Usage : perl oc.pl site There's many other bugs, find them yourself use LWP::UserAgent; use...
OneCMS 2.5 - Blind SQL Injection
!/usr/bin/perl OneCMS 2.5 Remote Blind SQL Injection Exploit Author : Cod3rZ Site : http://cod3rz.helloweb.eu Site : http://devilsnight.altervista.org Usage : perl oc.pl site There's many other bugs, find them yourself use LWP::UserAgent; use HTTP::Request::Common; use Time::HiRes; $ua =...