Lucene search
K

348 matches found

Exploit DB
Exploit DB
added 2010/07/11 12:0 a.m.27 views

RunCMS 2.1 - 'magpie_debug.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/41551/info RunCms is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2010/07/11 12:0 a.m.39 views

Re: RunCMS XSS Vulnerability via User Agent

Html tags were removed from the advisory during the submission process. Hopefully the following advisory will correct this. Title: RunCMS XSS Vulnerability via User Agent Vendor: RunCMS Product: RunCMS Tested Version: 2.1 Threat Class: XSS Severity: Medium Remote: yes Local: no Discovered By:...

6.2AI score
Exploits0
Packet Storm
Packet Storm
added 2010/07/08 12:0 a.m.24 views

runcms-xss.txt

Title: RunCMS XSS Vulnerability via User Agent Vendor: RunCMS Product: RunCMS Tested Version: 2.1 Threat Class: XSS Severity: Medium Remote: yes Local: no Discovered By: Andrei Rimsa Alvares ===== Description ===== RunCMS is prone to a XSS vulnerability by mangling the user-agent field on a http...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2010/07/08 12:0 a.m.66 views

RunCMS XSS Vulnerability via User Agent

Title: RunCMS XSS Vulnerability via User Agent Vendor: RunCMS Product: RunCMS Tested Version: 2.1 Threat Class: XSS Severity: Medium Remote: yes Local: no Discovered By: Andrei Rimsa Alvares ===== Description ===== RunCMS is prone to a XSS vulnerability by mangling the user-agent field on a http...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/07/07 12:0 a.m.31 views

RunCMS 2.1 - 'check.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/41448/info RunCms is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2010/07/07 12:0 a.m.13 views

RunCMS 2.1 - check.php Cross-Site Scripting

RunCMS 2.1 - check.php Cross-Site Scripting source: https://www.securityfocus.com/bid/41448/info RunCms is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser o...

6.8AI score
Exploits0
Prion
Prion
added 2009/10/27 4:30 p.m.18 views

Sql injection

Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via 1 the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or 2 the topicid parameter...

6.5CVSS8.8AI score0.00806EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2009/10/27 4:30 p.m.18 views

Code injection

Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...

6.5CVSS8AI score0.01068EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2009/10/27 4:30 p.m.12 views

CVE-2009-3804

Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via 1 the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or 2 the topicid parameter...

6.5CVSS8.1AI score0.00806EPSS
Exploits1References2
NVD
NVD
added 2009/10/27 4:30 p.m.17 views

CVE-2009-3815

RunCMS 2M1, when running with certain errorreporting levels, allows remote attackers to obtain sensitive information via 1 the op parameter to modules/contact/index.php or 2 uid parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a ca...

5CVSS6.2AI score0.0114EPSS
Exploits1References1
NVD
NVD
added 2009/10/27 4:30 p.m.15 views

CVE-2009-3814

Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...

6.5CVSS7.5AI score0.01068EPSS
Exploits1References1
Prion
Prion
added 2009/10/27 4:30 p.m.15 views

Design/Logic Flaw

RunCMS 2M1, when running with certain errorreporting levels, allows remote attackers to obtain sensitive information via 1 the op parameter to modules/contact/index.php or 2 uid parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a ca...

5CVSS6.8AI score0.0114EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2009/10/27 4:30 p.m.27 views

CVE-2009-3813

Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the 1 forum parameter to modules/forum/post.php and possibly 2 forumid variable to modules/forum/class/class.permissions.php...

6.5CVSS8.2AI score0.00898EPSS
Exploits1References2
Prion
Prion
added 2009/10/27 4:30 p.m.33 views

Sql injection

Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the 1 forum parameter to modules/forum/post.php and possibly 2 forumid variable to modules/forum/class/class.permissions.php...

6.5CVSS8.9AI score0.00898EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2009/10/27 4:0 p.m.32 views

CVE-2009-3813

Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the 1 forum parameter to modules/forum/post.php and possibly 2 forumid variable to modules/forum/class/class.permissions.php...

8.2AI score0.00898EPSS
Exploits1References2
Cvelist
Cvelist
added 2009/10/27 4:0 p.m.18 views

CVE-2009-3804

Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via 1 the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or 2 the topicid parameter...

8.1AI score0.00806EPSS
Exploits1References2
CVE
CVE
added 2009/10/27 4:0 p.m.48 views

CVE-2009-3815

CVE-2009-3815 affects RunCMS 2M1. When run with certain error_reporting levels, remote attackers can access sensitive information via the op[] parameter to modules/contact/index.php or the uid[] parameter to userinfo.php, causing an error message to leak the installation path through preg_match. ...

5CVSS6.2AI score0.0114EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2009/10/27 4:0 p.m.41 views

CVE-2009-3814

CVE-2009-3814 describes a static code injection in RunCMS 2M1. The vulnerability allows remote authenticated administrators to execute arbitrary PHP code through the ilter/Banningeature, demonstrated by modifying modules/system/cache/bademails.php via the "Prohibited: Emails" action and other u...

6.5CVSS7.5AI score0.01068EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2009/10/27 4:0 p.m.70 views

CVE-2009-3804

CVE-2009-3804 affects RunCMS 2M1, specifically the forum module (modules/forum/post.php) and related code (modules/forum/class/class.forumposts.php). The vulnerability involves multiple SQL injection paths where remote authenticated users can execute arbitrary SQL commands via (1) pid and (2) top...

6.5CVSS8.2AI score0.00806EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2009/10/27 4:0 p.m.22 views

CVE-2009-3815

RunCMS 2M1, when running with certain errorreporting levels, allows remote attackers to obtain sensitive information via 1 the op parameter to modules/contact/index.php or 2 uid parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a ca...

6.2AI score0.0114EPSS
Exploits1References1
Rows per page
Query Builder