Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemail or (2) subject parameter in the Contact form to contact/...
CVE-2014-3786
Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemail or (2) subject parameter in the Contact form to contact/...
CVE-2014-3786
Pixie CMS 1.04’s contact module (admin/modules/contact.php) is affected by multiple POST XSS vulnerabilities via the uemail and subject fields in the contact form. A remote attacker could inject arbitrary web script/HTML, enabling script execution in the victim’s browser on the affected site. The...
Pixie CMS 1.04 Cross Site Scripting
Pixie CMS v1.04 Contact form POST XSS Vulnerabilities Vendor: Pixie CMS Product web page: http://www.getpixie.co.uk Affected version: 1.04 Severity: Medium CVE: CVE-2014-3786 Demo page: http://demo.getpixie.co.uk Discovered by: Filippos Mastrogiannis @filipposmastro & Simone Memoli @Simon90Italy...
Pixie 1.04 CMS - Multiple XSS Vulnerabilities
Latest Pixie CMS suffers on multiple cross site scripting because of poor content and variables filtration. Title: Pixie 1.04 CMS - Multiple XSS Version: 1.04 Latest ATM Vendor: getpixie.co.uk Demo: demo.getpixie.co.uk Date: 01.26.2014 Contact: smashatdevilteam.pl 1. Cross Site Scripting - GET 'm...
Pixie 1.04 - Blog Post Cross-Site Request Forgery
Exploit Title: Pixie v1.04 blog post CSRF Google Dork: Date: 11-Dec-2011 Author: hackme Software Link: http://pixie-cms.googlecode.com/files/pixiev1.04.zip Version: 1.04 Tested on: Linux Ubuntu 10.10 CVE : + TH4NKZ T0: broiosen,ReGun and hackgame.it + Vulnerable Url:...
Pixie 1.04 Cross Site Request Forgery
Exploit Title: Pixie v1.04 blog post CSRF Google Dork: Date: 11-Dec-2011 Author: hackme Software Link: http://pixie-cms.googlecode.com/files/pixiev1.04.zip Version: 1.04 Tested on: Linux Ubuntu 10.10 CVE : + TH4NKZ T0: broiosen,ReGun and hackgame.it + Vulnerable Url:...
Pixie v1.04 blog post CSRF
Exploit for php platform in category web applications Exploit Title: Pixie v1.04 blog post CSRF Google Dork: Date: 11-Dec-2011 Author: hackme Software Link: http://pixie-cms.googlecode.com/files/pixiev1.04.zip Version: 1.04 Tested on: Linux Ubuntu 10.10 CVE : + TH4NKZ T0: broiosen,ReGun and...
Pixie 1.04 - Blog Post Cross-Site Request Forgery
Pixie 1.04 - Blog Post Cross-Site Request Forgery Exploit Title: Pixie v1.04 blog post CSRF Google Dork: Date: 11-Dec-2011 Author: hackme Software Link: http://pixie-cms.googlecode.com/files/pixiev1.04.zip Version: 1.04 Tested on: Linux Ubuntu 10.10 CVE : + TH4NKZ T0: broiosen,ReGun and...
CVE-2011-4710
Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI...
Sql injection
Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI...
CVE-2011-4710
CVE-2011-4710 affects Pixie CMS versions 1.01 through 1.04, where the application is vulnerable to SQL injection via the pixie_user parameter and the Referer HTTP header in requests to the default URI. The underlying root cause is improper input handling that allows remote attackers to execute ar...
CVE-2011-4710
Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI...
Pixie CMS 1.01 - 1.04 Blind SQL Injections
No description provided by source. Exploit Title: Pixie CMS 1.01 - 1.04 "pixieuser" Blind SQL Injection Google Dork: None Date: 11/14/2011 Author: Piranha, piranhaattorontomail.com Software Link: http://www.getpixie.co.uk/ Version: 1.01 - 1.04 Tested on: Windows XP SP3, Pixie versions: 1.01 - 1.0...
Pixie CMS 1.01 < 1.04 - Blind SQL Injections
Exploit Title: Pixie CMS 1.01 - 1.04 "pixieuser" Blind SQL Injection Google Dork: None Date: 11/14/2011 Author: Piranha, piranhaattorontomail.com Software Link: http://www.getpixie.co.uk/ Version: 1.01 - 1.04 Tested on: Windows XP SP3, Pixie versions: 1.01 - 1.04 CVE : None Example request: GET...
Pixie CMS 1.01 1.04 - Blind SQL Injections
Pixie CMS 1.01 1.04 - Blind SQL Injections Exploit Title: Pixie CMS 1.01 - 1.04 "pixieuser" Blind SQL Injection Google Dork: None Date: 11/14/2011 Author: Piranha, piranhaattorontomail.com Software Link: http://www.getpixie.co.uk/ Version: 1.01 - 1.04 Tested on: Windows XP SP3, Pixie versions: 1....
Pixie CMS 1.04 Blind SQL Injection
Exploit Title: Pixie CMS 1.01 - 1.04 "pixieuser" Blind SQL Injection Google Dork: None Date: 11/14/2011 Author: Piranha, piranhaattorontomail.com Software Link: http://www.getpixie.co.uk/ Version: 1.01 - 1.04 Tested on: Windows XP SP3, Pixie versions: 1.01 - 1.04 CVE : None Example request: GET...
Pixie CMS 1.01 - 1.04 Blind SQL Injections
Exploit for php platform in category web applications Exploit Title: Pixie CMS 1.01 - 1.04 "pixieuser" Blind SQL Injection Google Dork: None Date: 11/14/2011 Author: Piranha, piranhaattorontomail.com Software Link: http://www.getpixie.co.uk/ Version: 1.01 - 1.04 Tested on: Windows XP SP3, Pixie...
Pixie CMS 1.0.4 - admin/index.php SQL Injection
Pixie CMS 1.0.4 - admin/index.php SQL Injection source: https://www.securityfocus.com/bid/45937/info Pixie is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker...
Pixie CMS 1.0.4 - '/admin/index.php' SQL Injection
source: https://www.securityfocus.com/bid/45937/info Pixie is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modif...