34 matches found
EUVD-2005-4491
Malware in sbrugna...
EUVD-2006-5090
Malware in sbrugna...
SyntaxCMS <= 1.3 (fckeditor) Arbitrary File Upload Exploit
No description provided by source. ?php / -------------------------------------------------------------- Syntax CMS = 1.3 fckeditor Arbitrary File Upload Exploit -------------------------------------------------------------- Gr33ts t0 : EgiX, ThE GeNeRal L0s3r , Houssamix ,Str0ke == special THank...
SyntaxCMS Search Query Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16033/info SyntaxCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scri...
SyntaxCMS <= 1.3 (0004_init_urls.php) Remote File Include Vulnerability
No description provided by source...
SQL injection vulnerability in SyntaxCMS
Vulnerability ID: HTB22540 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinsyntaxcms.html Product: SyntaxCMS Vendor: Forum One Communications http://www.syntaxcms.org/ Vulnerable Version: 1.3 and Probably Prior Versions Vendor Notification: 27 July 2010 Vulnerability Type: S...
SyntaxCMS 1.3 SQL Injection
Vulnerability ID: HTB22540 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinsyntaxcms.html Product: SyntaxCMS Vendor: Forum One Communications http://www.syntaxcms.org/ Vulnerable Version: 1.3 and Probably Prior Versions Vendor Notification: 27 July 2010 Vulnerability Type: S...
SyntaxCMS - rows_per_page SQL Injection
SyntaxCMS - rows_per_page SQL Injection source: https://www.securityfocus.com/bid/42436/info SyntaxCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
SyntaxCMS - 'rows_per_page' SQL Injection
source: https://www.securityfocus.com/bid/42436/info SyntaxCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
SQL Injection Vulnerability in SyntaxCMS
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in SyntaxCMS which could be exploited to execute arbitrary SQL commands in the application's database. 1) SQL injection vulnerability in SyntaxCMS: An input validation error exists in the "rows_per_page" parameter in...
SyntaxCMS 1.3 Remote File Inclusion
SyntaxCMS Download: Date: 13.02.2010 Remote: yes Vuln : SyntaxCMSpath/public/admin/testing/tests/0004initurls.php includeonce $initpath . '/init.urls.php' ; PoC : SyntaxCMSpath/admin/testing/tests/0004initurls.php?initpath=Shell GreetZ : myself...
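SyntaxCMS 'upload.php' Arbitrary File Upload Vulnerability
BUGTRAQ ID: 29422 CNCAN ID: CNCAN-200805304 SyntaxCMS is a PHP-based content management application. SyntaxCMS does not correctly handle user-submitted files; a remote attacker can exploit this vulnerability to upload arbitrary files and execute them with the privileges of the web server. The problem lies in the '/public/fckeditor/editor/filemanager/upload/php/upload.php' script, whose default configuration allows a malicious attacker to upload arbitrary files containing PHP code and execute them with the privileges of the web server. SyntaxCMS 1.3 No detailed solution is currently available: http://www.syntaxcms.org/ ?php /...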
SyntaxCMS 1.3 - FCKeditor Arbitrary File Upload
SyntaxCMS 1.3 - FCKeditor Arbitrary File Upload special THanks to EgiX For the Exploit Code author...: Stack mail.....: Ev!L descr: if the web site change the name of path or path is /public/ you can delete /public/ in the exploit in the line : "POST...
SyntaxCMS <= 1.3 (fckeditor) Arbitrary File Upload Exploit
Exploit for unknown platform in category web applications ========================================================== SyntaxCMS special THanks to EgiX For the Exploit Code author...: Stack mail.....: Ev!L descr: if the web site change the name of path or path is /public/ you can delete /public/ in...
CVE-2006-5105
Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 through 1.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the init_path parameter to admin/testing/tests/0030_init_syntax.php, or (2) an unspecified parameter to admin/testing/index.php. NOTE: the...
CVE-2006-5105
SyntaxCMS versions 1.1.1–1.3 are vulnerable to PHP remote file inclusion via unvalidated input in admin/testing/tests/0030_init_syntax.php (init_path) and in admin/testing/index.php (unspecified parameter); the 0004_init_urls.php vector is already covered by CVE-2006-5055. This allows remote atta...