15 matches found
EUVD-2008-6404
Malware in sbrugna...
EUVD-2010-3466
Malware in sbrugna...
EUVD-2008-6403
Malware in sbrugna...
CVE-2010-3468
Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. dot dot in the FILEID parameter to the default URI under tasks/render/file/...
Directory traversal
Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. dot dot in the FILEID parameter to the default URI under tasks/render/file/...
CVE-2010-3468
CVE-2010-3468 describes a directory traversal in Mura CMS (fileManager.cfc) that lets an attacker read arbitrary server files by manipulating the FILEID parameter in the default URI under tasks/render/file/. Affected are Mura CMS 5.1 prior to 5.1.498, 5.2 prior to 5.2.2809, and Sava CMS 5.x up to...
CVE-2010-3468
Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. dot dot in the FILEID parameter to the default URI under tasks/render/file/...
Cross site scripting
Cross-site scripting XSS vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action...
Sql injection
SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter...
CVE-2008-6433
Cross-site scripting XSS vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action...
CVE-2008-6434
SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter...
CVE-2008-6433
The CVE-2008-6433 issue affects Blue River Interactive Group Sava CMS prior to version 5.0.122. A cross-site scripting (XSS) vulnerability exists in index.cfm where the keywords parameter in a search action can be exploited to inject arbitrary web script or HTML. This is a remote impact vulnerabi...
CVE-2008-6433
Cross-site scripting XSS vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action...
CVE-2008-6434
The CVE-2008-6434 issue affects Blue River Interactive Group Sava CMS prior to version 5.0.122. The vulnerability is an SQL injection in index.cfm via the LinkServID parameter, allowing remote attackers to execute arbitrary SQL commands. The NVD entry lists a base severity of HIGH (CVSS v2: AV:N/...
CVE-2008-6434
SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter...