18 matches found
EUVD-2008-0236
Malware in sbrugna...
RunCMS 1.6.1 config.php bbPath[root_theme] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/30331/info RunCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues can allow an attacker to compromise the application and the...
CVE-2008-7222
Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter in a RankForumAdd action...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php...
CVE-2008-7222
CVE-2008-7222 describes a cross-site scripting (XSS) vulnerability in RunCMS 1.6.1, specifically in the system/admin.php module. The issue arises when handling the RankForumAdd action, where an attacker can inject arbitrary web script or HTML via the rank_title parameter. Documents consistently i...
CVE-2008-7221
Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than...
CVE-2008-3354
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than...
CVE-2008-3354
CVE-2008-3354 concerns RunCMS 1.6.1 with the Newbb Plus 0.93 module, where multiple PHP remote file inclusion vulnerabilities allow an attacker to execute arbitrary PHP code. Specifically, the flaw is triggered by supplying a URL in the bbPath[path] parameter to votepolls.php and in the bbPath[ro...
runcms161-sql.txt
#!/usr/bin/python """ This is a public Exploit...
RunCMS <= 1.6.1 (msg_image) SQL Injection Exploit
No description provided by source. #!/usr/bin/python """ ...
RunCMS 1.6.1 - 'pm.class.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/29069/info RunCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...
runcms161-multi.txt
RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilities by NBBN. 1 Create Webmaster admin XSRF Vulnerability: input type="hidde...
CVE-2008-0224
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter...
CVE-2008-0224
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter...
CVE-2008-0224
The CVE-2008-0224 issue affects RunCMS’s Newbb_plus module (versions 0.92 and earlier, running on RunCMS 1.6.1). The root cause is an SQL injection vulnerability in index.php where unsanitized input from the Client-Ip header is used in a database query by the newbb_plus module. Exploitation could...
Session fixation
RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session...
CVE-2007-6547
RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session...