9 matches found
EUVD-2012-3815
Malware in sbrugna...
CVE-2012-3873
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 data/gallery/edit.php, 2 data/guestbook/edit.php, 3 data/file/edit.php, 4 data/htmltext/edit.php, 5 data/publication/edit.php, or 6...
CVE-2012-3872
Multiple cross-site scripting XSS vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via 1 the result parameter to data/file/edit.php, 2 the q parameter to confirm.php, or 3 the keyword parameter to users/users.php...
CVE-2012-3873
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 data/gallery/edit.php, 2 data/guestbook/edit.php, 3 data/file/edit.php, 4 data/htmltext/edit.php, 5 data/publication/edit.php, or 6...
Cross site scripting
Cross-site scripting XSS vulnerability in data/hybrid/ihybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter...
Sql injection
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 data/gallery/edit.php, 2 data/guestbook/edit.php, 3 data/file/edit.php, 4 data/htmltext/edit.php, 5 data/publication/edit.php, or 6...
CVE-2012-3871
CVE-2012-3871 describes a stored XSS vulnerability in Open Constructor 3.12.0, exposed through the header parameter in data/hybrid/i_hybrid.php when creating a catalogue document. Exploitation requires an authenticated user, who can inject arbitrary scripting/HTML that may execute in other users’...
CVE-2012-3870
OpenConstructor CMS 3.12.0 contains Stored XSS in objects/createobject.php. The vulnerable code assigns user-supplied POST values name and description to an object without HTML escaping, enabling an authenticated user to inject arbitrary script that can run in other users’ browsers. Affected prod...
CVE-2012-3873
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 data/gallery/edit.php, 2 data/guestbook/edit.php, 3 data/file/edit.php, 4 data/htmltext/edit.php, 5 data/publication/edit.php, or 6...