29 matches found
The Rat CMS (SQL/XSS) Multiple Remote Vulnerabilities
========================================================== The Rat CMS SQL/XSS Multiple Remote Vulnerabilities ========================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...
The Rat CMS - 'viewarticle.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/29959/info The Rat CMS is prone to multiple input-validation vulnerabilities, including SQL-injection issues and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to...
The Rat CMS - viewarticle2.php?id SQL Injection
The Rat CMS - viewarticle2.php?id SQL Injection source: https://www.securityfocus.com/bid/29959/info The Rat CMS is prone to multiple input-validation vulnerabilities, including SQL-injection issues and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data...
SiteXS CMS 0.1.1 - 'upload.php' Arbitrary File Upload
source: https://www.securityfocus.com/bid/29029/info SiteXS is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code because the application fails to sanitize user-supplied input. An attacker can leverage this issue to execute arbitrary code on an affected...
CVE-2008-2046
CVE-2008-2046 describes a cross-site scripting (XSS) vulnerability in the Softpedia SiteXS CMS 0.1.1 Pre-Alpha. The issue resides in index.php and allows remote attackers to inject arbitrary web script or HTML via the user parameter. Documented impact is partial integrity exposure with no confide...
CVE-2006-5027
Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers to obtain sensitive information via a direct request for php/main/phplib files 1 dbmsql.inc, 2 dbmssql.inc, 3 dbmysql.inc, 4 dboci8.inc, 5 dbodbc.inc, 6 dboracle.inc, and 7 dbpgsql.inc; and 8 dbsybase.inc, which reveals the pa...
CVE-2006-4545
PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the SERVER parameter in 1 admin/avatar.php, 2 libs/archive.class.php, 3 libs/login.php, 4 libs/profiles.class.php, and 5 libs/profile/proccess.php. NOTE: CVE disputes thi...
PT-2006-5338 · Modulebased · Modulebased Cms
Name of the Vulnerable Software and Affected Versions: ModuleBased CMS Pre-Alpha Description: The issue allows remote attackers to execute arbitrary PHP code via the SERVER parameter in several files, including "admin/avatar.php", "libs/archive.class.php", "libs/login.php",...
CVE-2006-4545
ModuleBased CMS Pre-Alpha is affected by a PHP remote file inclusion risk in multiple files (admin/avatar.php, libs/archive.class.php, libs/login.php, libs/profiles.class.php, libs/profile/proccess.php) via the _SERVER parameter. The underlying concern is that the _SERVER array and _SERVER[DOCUME...