PiXie CMS v1.04 <= Multiple CSRF Vulnerabilities

Exploit for php platform in category web applications Add Super User: Add Post: !-- Exploit Title: PiXie CMS v1.04 = CSRF Add Post Google Dork: allintext: "Pixie Powered" Date: 28/12/2010 Author: Ali Raheem AKA wolfmankurd Software Link: http://pixie-cms.googlecode.com/files/pixiev1.04.zip Versio...

PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities

PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities Add Super User: Add Post: !-- Exploit Title: PiXie CMS v1.04 = CSRF Add Post Google Dork: allintext: "Pixie Powered" Date: 28/12/2010 Author: Ali Raheem AKA wolfmankurd Software Link:...

PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities

Add Super User: Add Post: !-- Exploit Title: PiXie CMS v1.04 = CSRF Add Post Google Dork: allintext: "Pixie Powered" Date: 28/12/2010 Author: Ali Raheem AKA wolfmankurd Software Link: http://pixie-cms.googlecode.com/files/pixiev1.04.zip Version: =1.04 Tested on: Linux sheevaplug-debian...

CVE-2009-1067

Cross-site scripting XSS vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x parameter...

CVE-2009-1065

SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2009-1066

SQL injection vulnerability in the referral function in admin/lib/liblogs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x parameter...

Sql injection

SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

Sql injection

SQL injection vulnerability in the referral function in admin/lib/liblogs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request...

CVE-2009-1066

SQL injection vulnerability in the referral function in admin/lib/liblogs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request...

CVE-2009-1065

SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2009-1065

The CVE-2009-1065 entry concerns a SQL injection vulnerability in Pixie CMS 1.01a (index.php) that allows remote attackers to execute arbitrary SQL commands via the x parameter. Affected component: Pixie CMS 1.01a, vulnerability in index.php; root cause is improper handling of input leading to SQ...

CVE-2009-1066

Pixie CMS 1.01a is affected by CVE-2009-1066 due to an SQL injection in the referral function (admin/lib/lib_logs.php). The vulnerability can be triggered via the Referer HTTP header, enabling remote attackers to execute arbitrary SQL commands against the database. Multiple sources in the connect...

CVE-2009-1067

Cross-site scripting XSS vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x parameter...

CVE-2009-1067

CVE-2009-1067 is a cross-site scripting (XSS) vulnerability in Pixie CMS 1.01a, exploitable via the x parameter in index.php to inject arbitrary script/HTML. Affected software/component: Pixie CMS 1.01a (index.php). Root cause: unsafely reflected input through the x parameter leading to script ex...

PT-2009-3647 · Pixie · Pixie Cms

Name of the Vulnerable Software and Affected Versions: Pixie CMS version 1.01a Description: The issue allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request, specifically in the referral function in admin/lib/lib logs.php. Recommendations: For Pixie CMS...

Pixie CMS (XSS/SQL) Multiple Remote Vulnerabilities

No description provided by source. Pixie CMS Multiple Vulnerabilities Pixie is a "free, open source web application that will help you quickly create your own website. Many people refer to this type of software as a 'content management system cms'" http://www.getpixie.co.uk. Pixie is written in...

Pixie CMS - Cross-Site Scripting SQL Injection

Pixie CMS - Cross-Site Scripting SQL Injection Pixie CMS Multiple Vulnerabilities Pixie is a "free, open source web application that will help you quickly create your own website. Many people refer to this type of software as a 'content management system cms'" http://www.getpixie.co.uk. Pixie is...

Pixie CMS SQL Injection and Cross Site Scripting Vulnerabilities

Pixie CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modif...

Pixie CMS XSS / SQL Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pixie CMS Multiple Vulnerabilities Pixie is a "free, open source web application that will help you quickly create your own website. Many people refer to this type of software as a 'content management system cms'" http://www.getpixie.co.uk. Pixie is...