Lucene search
+L

104 matches found

nvd
nvd
added 2012/11/17 9:55 p.m.15 views

CVE-2012-5916

Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to 1 docs/new/seditio-createnew-160.sql, 2 docs/upgrade/seditoconverttoutf8.optional.sql, or 3 system/install/install.parser.sql...

5CVSS6.2AI score0.01296EPSS
Exploits1References2
nvd
nvd
added 2012/11/17 9:55 p.m.12 views

CVE-2012-5914

Multiple cross-site scripting XSS vulnerabilities in the sedimport function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the 1 newmsg or 2 rtext parameter. NOTE: some of these details are obtained from third party...

2.6CVSS5.8AI score0.01321EPSS
Exploits1References6
nvd
nvd
added 2012/11/17 9:55 p.m.16 views

CVE-2012-5915

Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to 1 view.php, 2 plugins/contact/lang/contact.en.lang.php, 3 system/lang/en/main.lang.php, 4 system/lang/en/message.lang.php, or 5 system/core/view/view.inc.php, which reveals the...

5CVSS6.2AI score0.01173EPSS
Exploits0References2
prion
prion
added 2012/11/17 9:55 p.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the sedimport function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the 1 newmsg or 2 rtext parameter. NOTE: some of these details are obtained from third party...

2.6CVSS6.1AI score0.01321EPSS
Exploits1References6
prion
prion
added 2012/11/17 9:55 p.m.14 views

Information disclosure

Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to 1 docs/new/seditio-createnew-160.sql, 2 docs/upgrade/seditoconverttoutf8.optional.sql, or 3 system/install/install.parser.sql...

5CVSS6.7AI score0.01296EPSS
Exploits1References2
prion
prion
added 2012/11/17 9:55 p.m.12 views

Information disclosure

Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to 1 view.php, 2 plugins/contact/lang/contact.en.lang.php, 3 system/lang/en/main.lang.php, 4 system/lang/en/message.lang.php, or 5 system/core/view/view.inc.php, which reveals the...

5CVSS6.8AI score0.01173EPSS
Exploits0References2
cvelist
cvelist
added 2012/11/17 9:0 p.m.25 views

CVE-2012-5915

Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to 1 view.php, 2 plugins/contact/lang/contact.en.lang.php, 3 system/lang/en/main.lang.php, 4 system/lang/en/message.lang.php, or 5 system/core/view/view.inc.php, which reveals the...

6.2AI score0.01173EPSS
Exploits0References2
cvelist
cvelist
added 2012/11/17 9:0 p.m.23 views

CVE-2012-5916

Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to 1 docs/new/seditio-createnew-160.sql, 2 docs/upgrade/seditoconverttoutf8.optional.sql, or 3 system/install/install.parser.sql...

6.2AI score0.01296EPSS
Exploits1References2
cvelist
cvelist
added 2012/11/17 9:0 p.m.21 views

CVE-2012-5914

Multiple cross-site scripting XSS vulnerabilities in the sedimport function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the 1 newmsg or 2 rtext parameter. NOTE: some of these details are obtained from third party...

5.8AI score0.01321EPSS
Exploits1References6
cve
cve
added 2012/11/17 9:0 p.m.40 views

CVE-2012-5916

CVE-2012-5916 concerns Neocrome Seditio build 161, where a remote attacker can disclose sensitive information by directly requesting one of three SQL files: docs/new/seditio-createnew-160.sql, docs/upgrade/sedito_convert_to_utf8.optional.sql, or system/install/install.parser.sql. The accompanying...

5CVSS6.4AI score0.01296EPSS
Exploits1References2Affected Software1
cve
cve
added 2012/11/17 9:0 p.m.36 views

CVE-2012-5915

CVE-2012-5915 affects Neocrome Seditio builds 161 and earlier. The vulnerability is an information-disclosure flaw where remote attackers can cause an error message to reveal the installation path by directly requesting any of the following: view.php, plugins/contact/lang/contact.en.lang.php, sys...

5CVSS6.4AI score0.01173EPSS
Exploits0References2Affected Software1
cve
cve
added 2012/11/17 9:0 p.m.38 views

CVE-2012-5914

Neocrome Seditio builds 160 and 161 contain multiple XSS vulnerabilities in the sed_import function (system/functions.php), exploitable via the newmsg or rtext parameters. Remote attackers could inject arbitrary web script or HTML. No explicit remediation information is provided in the connected ...

2.6CVSS5.9AI score0.01321EPSS
Exploits1References6Affected Software1
zdt
zdt
added 2012/06/22 12:0 a.m.41 views

Cotonti 0.6.23 SQL Injection Vulnerability

Exploit for php platform in category web applications ================================================================== Vulnerable Software: cotonti-0.6.23 Official Site: http://www.cotonti.com/ Tested version: http://cotonti.googlecode.com/files/cotonti-0.6.23.7z...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2012/04/23 12:0 a.m.72 views

seditio-build170.20120302_sql_injection_CSRF_info_disclosure_XSS.txt

============================================================ Vulnerable Software: Seditio 170 seditio-build170.20120302 Downloaded from:http://www.neocrome.net/files/code/seditio-build170.20120302.rar MD5 SUM:beb6adc6abb56f947698c1efdbae9430 seditio-build170.20120302.rar...

8.2AI score
Exploits0
securityvulns
securityvulns
added 2012/04/23 12:0 a.m.49 views

seditio_PmOS_plugin_XSS_vuln

============================================================================ Vulnerable Software: PmOS - Pm Okuma Sistemi plugin for Seditio CMS. http://seditio-eklenti.com/datas/users/1-pmoku.rar MD5 SUM: 88235c2b4b0613bff87545d2d887f042 1-pmoku.rar...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2012/04/23 12:0 a.m.45 views

t3_dbtools_seditio_plugin_CSRF

====================================================================== Vulnerable software: T3 DB Tools Version 1.6 seditio database management plugin. Developed by : http://www.t3-design.com/t3-db-tools/ MD5 SUM: 8ab362601793e238f504783fd9953dd4 dbtools.rar...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2012/04/23 12:0 a.m.64 views

sfquickban_plugin_CSRF

================================================================ Vulnerable Software: SF - Quick Ban sfquickban version 1.0 is Plugin for Seditio CMS. http://www.seditioforge.com/plugins/administration/sf-quick-ban-i65.html http://www.seditioforge.com/page.php?id=65&a=dl MD5 SUM:...

6.9AI score
Exploits0
exploitpack
exploitpack
added 2012/04/15 12:0 a.m.10 views

Seditio CMS 165 - plug.php SQL Injection

Seditio CMS 165 - plug.php SQL Injection source: https://www.securityfocus.com/bid/53036/info Seditio CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

0.1AI score
Exploits0
packetstorm
packetstorm
added 2012/04/15 12:0 a.m.26 views

Seditio 165 SQL Injection / Denial Of Service

cs Seditio 165 from seditio-eklenti.com Denial Of Service exploit by AkaStep. We will exploit Sql injection using this exploit and as result we will cause Denial of Service. Mysql server will go down or will overloaded +server will get overloadedHigh CPU Load. // Vuln Discovered By AkaStep +...

0.8AI score
Exploits0
exploitdb
exploitdb
added 2012/04/15 12:0 a.m.32 views

Seditio CMS 165 - 'plug.php' SQL Injection

source: https://www.securityfocus.com/bid/53036/info Seditio CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...

7.4AI score
Exploits0
Rows per page
Query Builder