75 matches found
CVE-2008-2082
CVE-2008-2082: XSS vulnerability in Siteman 2.0.x2 (index.php) where an attacker can inject arbitrary script/HTML via the module parameter, with the error message leaking the path. Affected software is Siteman 2.0.x2; the vulnerability is triggered through the module parameter and is confirmed by...
CVE-2008-2081
The CVE-2008-2081 entry documents a directory traversal (Local File Inclusion) in index.php of Siteman 2.0.x2. The issue, exploitable by remote authenticated administrators via a .. in the module parameter, enables inclusion and execution of arbitrary local files. Root cause: insufficient input s...
siteman2x-multi.txt
Siteman 2.X 0Day Multiple Remote Vulnerabilities CODE EXECUTION/LFI/XSS AUTHOR : IRCRASH Dr.Crash Or Khashayar Fereidani Discovered by : IRCRASH Dr.Crash Or Khashayar Fereidani IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr IRCRASH BUGTRA...
Siteman 2.0.x2 - module Cross-Site Scripting Local File Inclusion
Siteman 2.0.x2 - module Cross-Site Scripting Local File Inclusion source: https://www.securityfocus.com/bid/28943/info Siteman is prone to a local file-include vulnerability and a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacke...
Siteman 2.x (EXEC/LFI/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ========================================================== Siteman 2.x EXEC/LFI/XSS Multiple Remote Vulnerabilities ========================================================== Siteman 2.X 0Day Multiple Remote Vulnerabilities CODE...
Siteman 2.x (EXEC/LFI/XSS) Multiple Remote Vulnerabilities
No description provided by source. Siteman 2.X 0Day Multiple Remote Vulnerabilities CODE EXECUTION/LFI/XSS AUTHOR : IRCRASH Dr.Crash Or Khashayar Fereidani Discovered by : IRCRASH Dr.Crash Or Khashayar Fereidani IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de -...
Siteman 2.x - Code Execution Local File Inclusion Cross-Site Scripting
Siteman 2.x - Code Execution Local File Inclusion Cross-Site Scripting Siteman 2.X 0Day Multiple Remote Vulnerabilities CODE EXECUTION/LFI/XSS AUTHOR : IRCRASH Dr.Crash Or Khashayar Fereidani Discovered by : IRCRASH Dr.Crash Or Khashayar Fereidani IRCRASH Team Members : Dr.Crash Or Khashayar...
Siteman 2.0.x2 - 'module' Cross-Site Scripting / Local File Inclusion
source: https://www.securityfocus.com/bid/28943/info Siteman is prone to a local file-include vulnerability and a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this as a cross-site scripting issue to execute...
Siteman 2.x - Code Execution / Local File Inclusion / Cross-Site Scripting
Siteman 2.X 0Day Multiple Remote Vulnerabilities CODE EXECUTION/LFI/XSS AUTHOR : IRCRASH Dr.Crash Or Khashayar Fereidani Discovered by : IRCRASH Dr.Crash Or Khashayar Fereidani IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr IRCRASH BUGTRA...
Siteman 1.1.9 (cat) Remote File Disclosure Vulnerability
No description provided by source. Siteman V:1.1.9 File Disclosure Vulnerability BY IRCRASH AUTHOR : IRCRASH Dr.Crash Page Address: http://Sitename/articles.php?do=viewart&id=%00&cat=file name%00 Dork : "Siteman Version 1.1.9" Our site : HTTP://IRCRASH.COM sebug.net...
Directory traversal
Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action...
CVE-2008-0452
CVE-2008-0452 describes a directory traversal vulnerability in the Siteman 1.1.9 product, specifically in articles.php where the cat parameter in the viewart action can be manipulated to read arbitrary files. The affected component is the viewart action of articles.php within Siteman 1.1.9. The u...
CVE-2008-0452
Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action...
siteman-disclose.txt
Siteman V:1.1.9 File Disclosure Vulnerability BY IRCRASH AUTHOR : IRCRASH Dr.Crash Page Address: http://Sitename/articles.php?do=viewart&id=%00&cat=file name%00 Dork : "Siteman Version 1.1.9" Our site : HTTP://IRCRASH.COM...
Siteman 1.1.9 (cat) Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications ======================================================= iteman 1.1.9 cat Remote File Disclosure Vulnerability ======================================================= Siteman V:1.1.9 File Disclosure Vulnerability BY IRCRASH AUTHOR : IRCRASH...
Siteman 1.1.9 - cat Remote File Disclosure
Siteman 1.1.9 - cat Remote File Disclosure Siteman V:1.1.9 File Disclosure Vulnerability BY IRCRASH AUTHOR : IRCRASH Dr.Crash Page Address: http://Sitename/articles.php?do=viewart&id=%00&cat=file name%00 Dork : "Siteman Version 1.1.9" Our site : HTTP://IRCRASH.COM milw0rm.com 2008-01-23...
Siteman 1.1.9 - 'cat' Remote File Disclosure
Siteman V:1.1.9 File Disclosure Vulnerability BY IRCRASH AUTHOR : IRCRASH Dr.Crash Page Address: http://Sitename/articles.php?do=viewart&id=%00&cat=file name%00 Dork : "Siteman Version 1.1.9" Our site : HTTP://IRCRASH.COM milw0rm.com 2008-01-23...
Improper access control
Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt...
Improper access control
Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD...
CVE-2007-0594
Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD...