49 matches found

Prion
added 2010/12/01 4:6 p.m. | 13 views

Open redirect

Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action...

CVSS 5.8 | AI score 7 | EPSS 0.09254
Exploits 0 | References 3 | Affected Software 1

Prion
added 2010/12/01 4:6 p.m. | 15 views

Information disclosure

The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to phpinfo in misc.php...

CVSS 5 | AI score 6.9 | EPSS 0.01616
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2010/12/01 4:0 p.m. | 20 views

CVE-2010-4357

SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter...

AI score 8.3 | EPSS 0.0098
Exploits 1 | References 3

Cvelist
added 2010/12/01 4:0 p.m. | 21 views

CVE-2008-7267

SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter...

AI score 8.4 | EPSS 0.01185
Exploits 0 | References 4

Cvelist
added 2010/12/01 4:0 p.m. | 24 views

CVE-2008-7268

The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to phpinfo in misc.php...

AI score 6.3 | EPSS 0.01616
Exploits 0 | References 4

CVE
added 2010/12/01 4:0 p.m. | 77 views

CVE-2008-7269

CVE-2008-7269 is an open-redirect flaw affecting SiteEngine 5.x (notably in api.php) where a user-controlled forward parameter in a logout action can redirect victims to arbitrary sites. The vulnerability enables user-assisted remote attack chains for phishing or similar redirects. The Nuclei tem...

CVSS 5.8 | AI score 6.8 | EPSS 0.09254
Exploits 0 | References 3 | Affected Software 1

CVE
added 2010/12/01 4:0 p.m. | 42 views

CVE-2010-4357

CVE-2010-4357: SiteEngine 7.1 contains a SQL injection in comments.php via the module parameter, enabling remote arbitrary SQL execution. Technical detail: vulnerable component is the comments.php handler in SiteEngine 7.1; exploit vector is passing crafted module parameters to trigger SQL comman...

CVSS 7.5 | AI score 8.7 | EPSS 0.0098
Exploits 1 | References 3 | Affected Software 1

CVE
added 2010/12/01 4:0 p.m. | 48 views

CVE-2008-7268

SiteEngine 5.x is affected by CVE-2008-7268 via a phpinfo information-disclosure in misc.php when action=php_info is supplied, allowing remote attackers to obtain system information. The connected documents reiterate the description; no remediation patch/version is provided in the supplied source...

CVSS 5 | AI score 6.5 | EPSS 0.01616
Exploits 0 | References 4 | Affected Software 1

CVE
added 2010/12/01 4:0 p.m. | 49 views

CVE-2008-7267

CVE-2008-7267 describes a SQL injection in SiteEngine 5.x, specifically in announcements.php, where the vulnerable parameter is id. The root cause is improper handling of user input leading to arbitrary SQL execution by remote attackers. Impact is partial confidentiality/integrity/availability lo...

CVSS 7.5 | AI score 8.7 | EPSS 0.01185
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2010/12/01 4:0 p.m. | 21 views

CVE-2008-7269

Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action...

AI score 6.6 | EPSS 0.09254
Exploits 0 | References 3

seebug.org
added 2010/11/27 12:0 a.m. | 16 views

SiteEngine 6.0 XSS vulnerability

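SiteEngine (full name: Boka Website Engine Management System) is developed in PHP with a MySQL database and uses a B/S (browser/server) architecture. POC: http://server/comments.php?module=news&id=XSS http://server/news.php?pagestart=1&classid=XSS http://server/search.php?searchword=XSS SiteEngine 6.0 Vendor patch: SiteEngine ------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...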

AI score 7.1
Exploits 0

0day.today
added 2010/11/26 12:0 a.m. | 18 views

SiteEngine <= 7.1 SQL Injection Vulnerability

Exploit for php platform in category web applications ============================================= SiteEngine = 7.1 SQL Injection Vulnerability ============================================= Title: SiteEngine 7.1 SQL injection Vulnerability Date: 2010-11-25 Author: Beach Team: www.linux520.com...

AI score 7.1
Exploits 0

myhack58
added 2010/11/26 12:0 a.m. | 13 views

SiteEngine 6.0 & 7.1 SQL injection vulnerability - vulnerability warning - the black bar safety net

Title: SiteEngine 6.0 SQL injection vulnerability Date: 2010-11-25 Author: Beach Team: www.linux520.com Vendors: www.siteengine.net www.boka.cn Keywords: "Powered by SiteEngine" //300,000 + Description: The use of this vulnerability requires that the comment function is turned ON (ON by default) The u...

AI score 7.9
Exploits 0

Exploit DB
added 2010/11/25 12:0 a.m. | 26 views

SiteEngine 7.1 - SQL Injection

Title: SiteEngine 7.1 SQL injection Vulnerability Date: 2010-11-25 Author: Beach Team: www.linux520.com Vendor: www.siteengine.net www.boka.cn Dork: "Powered by SiteEngine" //300,000 + Language:PHP Greetz: birdarmy Description: Exploit this vulnerability comment must be enabled default == enable...

AI score 7.4
Exploits 0

seebug.org
added 2010/11/25 12:0 a.m. | 20 views

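SiteEngine 6.0 SQL injection vulnerability

SiteEngine (full name: Boka Website Engine Management System) is developed in PHP with a MySQL database and uses a B/S (browser/server) architecture. Exploiting this vulnerability requires the comment function to be enabled; it is enabled by default. SiteEngine 6.0 Vendor patch: SiteEngine ------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.siteengine.net/...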

AI score 7.1
Exploits 0

exploitpack
added 2010/11/25 12:0 a.m. | 5 views

SiteEngine 7.1 - SQL Injection

SiteEngine 7.1 - SQL Injection Title: SiteEngine 7.1 SQL injection Vulnerability Date: 2010-11-25 Author: Beach Team: www.linux520.com Vendor: www.siteengine.net www.boka.cn Dork: "Powered by SiteEngine" //300,000 + Language:PHP Greetz: birdarmy Description: Exploit this vulnerability comment mus...

AI score 0.2
Exploits 0

seebug.org
added 2010/11/25 12:0 a.m. | 34 views

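SiteEngine 7.1 SQL injection vulnerability

SiteEngine (full name: Boka Website Engine Management System) is developed in PHP with a MySQL database and uses a B/S (browser/server) architecture. Exploiting this vulnerability requires the comment function to be enabled; it is enabled by default. SiteEngine 7.1 Vendor patch: SiteEngine ------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.siteengine.net/ Enterprise portal edition:...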

AI score 7.1
Exploits 0

seebug.org
added 2010/10/14 12:0 a.m. | 19 views

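SiteEngine (Boka Website Engine Management System) 5.1.0 has a file upload vulnerability

SiteEngine (full name: Boka Website Engine Management System) is developed in PHP with a MySQL database and uses a B/S (browser/server) architecture. First, look at the first piece of code, which checks the file extension. 1. 2. $attach'name' = $filename = strreplace " ", "", $attach'name' ; // remove spaces from the file name 3. $attach'ext' = $extension = strtolower fileext $attach'name' ; // get the file extension and convert it to lowercase 4. 5. // escape regular-expression characters in the file extension and match it against the allowed file extensions 6. if...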

AI score 7
Exploits 0

myhack58
added 2010/09/15 12:0 a.m. | 24 views

SiteEngine CMS 5.1.0 file upload vulnerability - vulnerability warning - the black bar safety net

SiteEngine (full name: Boka Website Engine Management System) is marketing-oriented website construction and management software, independently developed in 2002 by Beijing Boka Vanguard Software Development Co., Ltd., which holds the intellectual property rights. At the sa...

AI score 0.1
Exploits 0

seebug.org
added 2010/09/06 12:0 a.m. | 17 views

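SiteEngine CMS 5.1.0 file upload vulnerability

SiteEngine (full name: Boka Website Engine Management System) is marketing-oriented website construction and management software, independently developed in 2002 by Beijing Boka Vanguard Software Development Co., Ltd., which holds the intellectual property rights. In 2004 it also passed software product testing by the China Software Testing Center (CSTC) and is a software product recognized by the Ministry of Information Industry. The software is developed in PHP with a MySQL database, uses a pure B/S architecture with no client software, and runs across operating system platforms such as Unix/Linux/FreeBSD/Solaris/Windows 2000/XP/2003/Vista...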

AI score 7
Exploits 0