104 matches found
CVE-2012-5916
Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to 1 docs/new/seditio-createnew-160.sql, 2 docs/upgrade/seditoconverttoutf8.optional.sql, or 3 system/install/install.parser.sql...
CVE-2012-5914
Multiple cross-site scripting XSS vulnerabilities in the sedimport function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the 1 newmsg or 2 rtext parameter. NOTE: some of these details are obtained from third party...
CVE-2012-5915
Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to 1 view.php, 2 plugins/contact/lang/contact.en.lang.php, 3 system/lang/en/main.lang.php, 4 system/lang/en/message.lang.php, or 5 system/core/view/view.inc.php, which reveals the...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the sedimport function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the 1 newmsg or 2 rtext parameter. NOTE: some of these details are obtained from third party...
Information disclosure
Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to 1 docs/new/seditio-createnew-160.sql, 2 docs/upgrade/seditoconverttoutf8.optional.sql, or 3 system/install/install.parser.sql...
Information disclosure
Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to 1 view.php, 2 plugins/contact/lang/contact.en.lang.php, 3 system/lang/en/main.lang.php, 4 system/lang/en/message.lang.php, or 5 system/core/view/view.inc.php, which reveals the...
CVE-2012-5915
Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to 1 view.php, 2 plugins/contact/lang/contact.en.lang.php, 3 system/lang/en/main.lang.php, 4 system/lang/en/message.lang.php, or 5 system/core/view/view.inc.php, which reveals the...
CVE-2012-5916
Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to 1 docs/new/seditio-createnew-160.sql, 2 docs/upgrade/seditoconverttoutf8.optional.sql, or 3 system/install/install.parser.sql...
CVE-2012-5914
Multiple cross-site scripting XSS vulnerabilities in the sedimport function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the 1 newmsg or 2 rtext parameter. NOTE: some of these details are obtained from third party...
CVE-2012-5916
CVE-2012-5916 concerns Neocrome Seditio build 161, where a remote attacker can disclose sensitive information by directly requesting one of three SQL files: docs/new/seditio-createnew-160.sql, docs/upgrade/sedito_convert_to_utf8.optional.sql, or system/install/install.parser.sql. The accompanying...
CVE-2012-5915
CVE-2012-5915 affects Neocrome Seditio builds 161 and earlier. The vulnerability is an information-disclosure flaw where remote attackers can cause an error message to reveal the installation path by directly requesting any of the following: view.php, plugins/contact/lang/contact.en.lang.php, sys...
CVE-2012-5914
Neocrome Seditio builds 160 and 161 contain multiple XSS vulnerabilities in the sed_import function (system/functions.php), exploitable via the newmsg or rtext parameters. Remote attackers could inject arbitrary web script or HTML. No explicit remediation information is provided in the connected ...
Cotonti 0.6.23 SQL Injection Vulnerability
Exploit for php platform in category web applications ================================================================== Vulnerable Software: cotonti-0.6.23 Official Site: http://www.cotonti.com/ Tested version: http://cotonti.googlecode.com/files/cotonti-0.6.23.7z...
seditio-build170.20120302_sql_injection_CSRF_info_disclosure_XSS.txt
============================================================ Vulnerable Software: Seditio 170 seditio-build170.20120302 Downloaded from:http://www.neocrome.net/files/code/seditio-build170.20120302.rar MD5 SUM:beb6adc6abb56f947698c1efdbae9430 seditio-build170.20120302.rar...
seditio_PmOS_plugin_XSS_vuln
============================================================================ Vulnerable Software: PmOS - Pm Okuma Sistemi plugin for Seditio CMS. http://seditio-eklenti.com/datas/users/1-pmoku.rar MD5 SUM: 88235c2b4b0613bff87545d2d887f042 1-pmoku.rar...
t3_dbtools_seditio_plugin_CSRF
====================================================================== Vulnerable software: T3 DB Tools Version 1.6 seditio database management plugin. Developed by : http://www.t3-design.com/t3-db-tools/ MD5 SUM: 8ab362601793e238f504783fd9953dd4 dbtools.rar...
sfquickban_plugin_CSRF
================================================================ Vulnerable Software: SF - Quick Ban sfquickban version 1.0 is Plugin for Seditio CMS. http://www.seditioforge.com/plugins/administration/sf-quick-ban-i65.html http://www.seditioforge.com/page.php?id=65&a=dl MD5 SUM:...
Seditio CMS 165 - plug.php SQL Injection
Seditio CMS 165 - plug.php SQL Injection source: https://www.securityfocus.com/bid/53036/info Seditio CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Seditio 165 SQL Injection / Denial Of Service
cs Seditio 165 from seditio-eklenti.com Denial Of Service exploit by AkaStep. We will exploit Sql injection using this exploit and as result we will cause Denial of Service. Mysql server will go down or will overloaded +server will get overloadedHigh CPU Load. // Vuln Discovered By AkaStep +...
Seditio CMS 165 - 'plug.php' SQL Injection
source: https://www.securityfocus.com/bid/53036/info Seditio CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...