CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums...

6.5CVSS7.7AI score0.0159EPSS

Exploits0References1

seebug.org•added 2014/07/01 12:0 a.m.•13 views

ToendaCMS 1.0.4 Media.PHP Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20170/info toendaCMS is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to access sensitive information that cou...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•11 views

ToendaCMS 0.x/1.0.x TCMS_Administer Parameter Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19626/info ToendaCMS is prone a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PH...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•24 views

ToendaCMS 1.5.3 HTTP Get And Post Forms HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23453/info ToendaCMS is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•11 views

toendaCMS 0.6.1 Admin.PHP Directory Traversal Vulnerability

No description provided by source...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•18 views

ToendaCMS 0.x/1.0.x Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19806/info ToendaCMS is prone a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PH...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•18 views

toendaCMS <= 1.0.0 (FCKeditor) Remote File Upload Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo ToendaCMS = 1.0.0 Shizouka stable 'FuCKeditor' remote commands execution\n; echo by rgod [email protected]\n; echo site: http://retrogod.altervista.org\n; echo dork: \toendaCMS is Free Software released under the GNU/G...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•21 views

ToendaCMS 0.7 Index.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18178/info ToendaCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scri...

7.1AI score

Exploits0

exploitpack•added 2012/03/08 12:0 a.m.•10 views

ToendaCMS 1.6.2 - setupindex.php?site Traversal Local File Inclusion

ToendaCMS 1.6.2 - setupindex.php?site Traversal Local File Inclusion source: https://www.securityfocus.com/bid/52350/info ToendaCMS is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can...

0.1AI score

Exploits0

Exploit DB•added 2012/03/08 12:0 a.m.•15 views

ToendaCMS 1.6.2 - '/setup/index.php?site' Traversal Local File Inclusion

source: https://www.securityfocus.com/bid/52350/info ToendaCMS is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal...

7.4AI score

Exploits0

NVD•added 2007/04/13 6:19 p.m.•12 views

CVE-2007-1872

Cross-site scripting XSS vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id...

4.3CVSS5.6AI score0.10592EPSS

Exploits1References8

Prion•added 2007/04/13 6:19 p.m.•11 views

Cross site scripting

Cross-site scripting XSS vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id...

4.3CVSS6.1AI score0.10592EPSS

Exploits1References8Affected Software1

CVE•added 2007/04/13 6:0 p.m.•45 views

CVE-2007-1872

CVE-2007-1872 concerns a cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3. The issue allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id. The NVD entry lists a MEDIUM base severity (CVSS2: AV:N/AC:M/Au:N/C:N/I:P/A:N, 4.3 overall) w...

4.3CVSS5.6AI score0.10592EPSS

Exploits1References8Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by