15 matches found
EUVD-2009-3776
Malware in sbrugna...
EUVD-2009-3785
Malware in sbrugna...
CVE-2009-3804
Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via 1 the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or 2 the topicid parameter...
CVE-2009-3813
Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the 1 forum parameter to modules/forum/post.php and possibly 2 forumid variable to modules/forum/class/class.permissions.php...
Design/Logic Flaw
RunCMS 2M1, when running with certain errorreporting levels, allows remote attackers to obtain sensitive information via 1 the op parameter to modules/contact/index.php or 2 uid parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a ca...
CVE-2009-3815
RunCMS 2M1, when running with certain errorreporting levels, allows remote attackers to obtain sensitive information via 1 the op parameter to modules/contact/index.php or 2 uid parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a ca...
Code injection
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...
CVE-2009-3814
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...
CVE-2009-3813
Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the 1 forum parameter to modules/forum/post.php and possibly 2 forumid variable to modules/forum/class/class.permissions.php...
Sql injection
Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via 1 the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or 2 the topicid parameter...
CVE-2009-3813
Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the 1 forum parameter to modules/forum/post.php and possibly 2 forumid variable to modules/forum/class/class.permissions.php...
CVE-2009-3804
Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via 1 the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or 2 the topicid parameter...
CVE-2009-3804
CVE-2009-3804 affects RunCMS 2M1, specifically the forum module (modules/forum/post.php) and related code (modules/forum/class/class.forumposts.php). The vulnerability involves multiple SQL injection paths where remote authenticated users can execute arbitrary SQL commands via (1) pid and (2) top...
CVE-2009-3814
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...
CVE-2009-3814
CVE-2009-3814 describes a static code injection in RunCMS 2M1. The vulnerability allows remote authenticated administrators to execute arbitrary PHP code through the ilter/Banning eature, demonstrated by modifying modules/system/cache/bademails.php via the "Prohibited: Emails" action and other u...