131 matches found
SilverStripe CMS Pixlr Image Editor - upload.php Arbitrary File Upload
source: https://www.securityfocus.com/bid/54172/info Pixlr Image Editor is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplie...
SilverStripe CMS 2.4.7 (install.php) Remote Command Execution
Exploit for php platform in category web applications Exploit Title: SilverStripe CMS 2.4.7 install.php Remote Command Execution Exploit Date: 26 April 2012 Author: Mehmet INCE Twitter: https://twitter.com/!/mmetince Company: Bilgi Güvenliği Akademisi www.bga.com.tr Software Link:...
Silverstripe CMS Cross Site Scripting
Silverstripe CMS persistent XSS vulnerabilities vendor: http://demo.silverstripe.org Author: Karthik R 3psil0nLambDa Email:...
Vulnerabilities in Silverstripe CMS
Hello 3APA3A! I am reporting the Brute Force, Insufficient Anti-automation and Abuse of Functionality vulnerabilities that I found in Silverstripe CMS. Brute Force WASC-11: http://site/Security/login Insufficient Anti-automation WASC-21: http://site/contact-us/ http://site/Security/lostpassword In...
SilverStripe CMS 2.4 - File Renaming Security Bypass
source: https://www.securityfocus.com/bid/40679/info SilverStripe CMS is prone to a security-bypass vulnerability. An attacker can exploit this vulnerability to rename uploaded files on the affected webserver. Successful exploits may allow...
SilverStripe CMS 2.4 - File Renaming Security Bypass
source: https://www.securityfocus.com/bid/40679/info SilverStripe CMS is prone to a security-bypass vulnerability. An attacker can exploit this vulnerability to rename uploaded files on the affected webserver. Successful exploits may allow attackers to execute arbitrary code within the context of...
SilverStripe CMS 2.4.0 Remote Shell Upload
SilverStripe CMS Running in Development Mode
The SilverStripe CMS install hosted on the remote web server appears to be running in development mode. When running in development mode, debugging tools are accessible without authentication, which could enable an attacker to gain sensitive information relating to the application.
Silverstripe <= v2.3.4: XSS vulnerabilities
No description provided by source. Silverstripe CMS, http://silverstripe.org/, version 2.3.4 and lower and its unreleased 2.4 branch, is vulnerable to two Cross Site Scripting issues. 1. The comment posting mechanism of Silverstripe 'PostCommentForm' fails to properly sanitize the 'CommenterURL'...
Silverstripe <= v2.3.4: two XSS vulnerabilities
Silverstripe CMS, http://silverstripe.org/, version 2.3.4 and lower and its unreleased 2.4 branch, is vulnerable to two Cross Site Scripting issues. 1. The comment posting mechanism of Silverstripe 'PostCommentForm' fails to properly sanitize the...
Silverstripe CMS 2.3.4 Cross Site Scripting
Silverstripe CMS, , version 2.3.4 and lower and its unreleased 2.4 branch, is vulnerable to two Cross Site Scripting issues. 1. The comment posting mechanism of Silverstripe 'PostCommentForm' fails to properly sanitize the 'CommenterURL' parameter...