156 matches found
PivotX 2.3.11 - Directory Traversal
No description provided by source...
PivotX 2.3.11 Shell Upload
Security Advisory - Curesec Research Team 1. Introduction Affected Product: PivotX 2.3.11 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pivotx.net/ Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 01/20/2016 Disclosed to public: 03/15/2016 Releas...
PivotX 2.3.11 Directory Traversal
Security Advisory - Curesec Research Team 1. Introduction Affected Product: PivotX 2.3.11 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pivotx.net/ Vulnerability Type: Directory Traversal Remote Exploitable: Yes Reported to vendor: 01/20/2016 Disclosed to public: 03/15/2016...
PivotX 2.3.11 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: PivotX 2.3.11 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pivotx.net/ Vulnerability Type: Reflected XSS Remote Exploitable: Yes Reported to vendor: 01/20/2016 Disclosed to public: 03/15/2016 Release...
PivotX 2.3.11 - Directory Traversal
Exploit for php platform in category web applications 1. Introduction Affected Product: PivotX 2.3.11 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pivotx.net/ Vulnerability Type: Directory Traversal Remote Exploitable: Yes Reported to vendor: 01/20/2016 Disclosed to public:...
PivotX 2.3.11 - Directory Traversal
PivotX 2.3.11 - Directory Traversal Security Advisory - Curesec Research Team 1. Introduction Affected Product: PivotX 2.3.11 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pivotx.net/ Vulnerability Type: Directory Traversal Remote Exploitable: Yes Reported to vendor: 01/20/20...
PivotX 2.3.11 - Directory Traversal
Security Advisory - Curesec Research Team 1. Introduction Affected Product: PivotX 2.3.11 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://pivotx.net/ Vulnerability Type: Directory Traversal Remote Exploitable: Yes Reported to vendor: 01/20/2016 Disclosed to public: 03/15/2016...
PivotX CMS 2.3.10 Cross Site Request Forgery / Cross Site Scripting
" " " " "...
FreeBSD : pivotx -- XSS (XSS) vulnerability (14d846d6-27b3-11e5-a15a-50af736ef1c0)
pivotx reports : cross-site scripting XSS vulnerability in the nickname and possibly the email field. Mitigated by the fact that an attacker must have a PivotX account. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
FreeBSD : pivotx -- Multiple unrestricted file upload vulnerabilities (7313b0e3-27b4-11e5-a15a-50af736ef1c0)
Pivotx reports : Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a 1 .php or 2 .php extension, and then accessing it via unspecified vectors. %NASLMINLEVEL 70300 C...
Pivotx Session Fixation Vulnerability
Pivotx is an open source blog content management system Blog CMS. The system supports built-in comment review, spam protection and template replacement. A session fixation vulnerability exists in the fileupload.php file in Pivotx versions prior to 2.3.11. A remote attacker can exploit this...
Pivotx Cross-Site Scripting Vulnerability
Pivotx is an open source blog content management system Blog CMS. The system supports built-in comment review, spam protection and template replacement. A cross-site scripting vulnerability exists in the 'form' method in the modules/formclass.php script in versions prior to Pivotx 2.3.11. A remot...
Pivotx Arbitrary Code Execution Vulnerability
Pivotx is an open source blog content management system Blog CMS. The system supports built-in comment review, spam protection and template replacement. A security vulnerability exists in Pivotx versions prior to 2.3.11, which stems from the program failing to validate a new file extension when...
CVE-2015-5458
Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter...
CVE-2015-5457
PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php...
CVE-2015-5456
Cross-site scripting XSS vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO, related to the "PHPSELF" variable and form actions...
Cross site scripting
Cross-site scripting XSS vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO, related to the "PHPSELF" variable and form actions...
Design/Logic Flaw
PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as demonstrated by a file named foo.php.php...
Session fixation
Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter...
CVE-2015-5458
Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter...