53 matches found
EUVD-2010-1542
Malware in sbrugna...
EUVD-2010-2014
Malware in sbrugna...
EUVD-2010-2292
Malware in sbrugna...
EUVD-2010-2291
Malware in sbrugna...
EUVD-2010-2013
Malware in sbrugna...
EUVD-2010-1541
Malware in sbrugna...
EUVD-2010-2015
Malware in sbrugna...
CVE-2010-2281
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) bannerid parameter in conjunction with a /admin/ad/banner/list PATHINFO; and allow remote authenticated users, with certain...
CVE-2010-2282
Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password...
CVE-2010-1515
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATHINFO; the (3) keyword parameter in conjunction...
CVE-2010-1514
Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory...
TomatoCMS 2.0.5 - Multiple CSRF Vulnerabilities
No description provided by source. Title: TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Sun 11 Jul 2010 03:36:08 PM EEST Vendor: http://www.tomatocms.com/ Download: None --- -= CSRF PoC 1 - Change Administrator Password =- TomatoCMS 2.0.5...
TomatoCMS 2.0.5 Cross Site Request Forgery
Date: Sun 11 Jul 2010 03:36:08 PM EEST Vendor: http://www.tomatocms.com/ Download: None --- -= CSRF PoC 1 - Change Administrator Password =- TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities - Change Admin Password -= CSRF PoC 2 - Create Admin User =- TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities -...
TomatoCMS 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities
TomatoCMS 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities Date: Sun 11 Jul 2010 03:36:08 PM EEST Vendor: http://www.tomatocms.com/ Download: None --- -= CSRF PoC 1 - Change Administrator Password =- TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities - Change Admin Password -= CSRF PoC 2 -...
TomatoCMS 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities
Date: Sun 11 Jul 2010 03:36:08 PM EEST Vendor: http://www.tomatocms.com/ Download: None --- -= CSRF PoC 1 - Change Administrator Password =- TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities - Change Admin Password -= CSRF PoC 2 - Create Admin User =- TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities -...
Tomato CMS 2.0.6 SQL Injection
Vulnerability ID: HTB22444 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityintomatocms.html Product: TomatoCMS Vendor: TomatoCMS Vulnerable Version: 2.0.6 and Probably Prior Versions Vendor Notification: 14 June 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor...
SQL injection vulnerability in TomatoCMS
Vulnerability ID: HTB22444 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityintomatocms.html Product: TomatoCMS Vendor: TomatoCMS Vulnerable Version: 2.0.6 and Probably Prior Versions Vendor Notification: 14 June 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor...