55 matches found
EUVD-2017-2959
Malware in sbrugna...
EUVD-2007-6129
Malware in sbrugna...
EUVD-2007-6130
Malware in sbrugna...
EUVD-2017-2958
Malware in sbrugna...
EUVD-2017-2960
Malware in sbrugna...
EUVD-2006-1504
Malware in sbrugna...
EUVD-2007-6128
Malware in sbrugna...
EUVD-2017-2961
Malware in sbrugna...
Tilde CMS Path Traversal Vulnerability
Tilde CMS is a web content management system (CMS). A path traversal vulnerability exists in Tilde CMS version 1.0.1. An attacker can exploit this vulnerability by sending a request to actionphp/download.File.php with a '../' sequence in the 'file' parameter...
Tilde CMS Information Disclosure Vulnerability
Tilde CMS is a web content management system (CMS). A security vulnerability exists in Tilde CMS version 1.0.1. An attacker can exploit the vulnerability by using direct references to retrieve sensitive data and download local PHP resources e.g., admin/content.php and...
Tilde CMS class.SystemAction.php file SQL injection vulnerability
Tilde CMS is a web content management system (CMS). A SQL injection vulnerability exists in the class.SystemAction.php file in Tilde CMS version 1.0.1. A remote attacker can exploit this vulnerability by sending a POST request to /actionphp/action.input.php with the 'id' parameter to execute...
CVE-2017-11325
An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php...
CVE-2017-11327
An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftpupload...
SQL injection
An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter...
Design/Logic Flaw
An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftpupload...
CVE-2017-11326
An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation...
CVE-2017-11324
An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter...
CVE-2017-11325
An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php...
CVE-2017-11327
An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftpupload...
Code injection
An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php...