30 matches found
EUVD-2013-4744
Malware in sbrugna...
EUVD-2009-3827
Malware in sbrugna...
CVE-2013-4899
Cross-site scripting XSS vulnerability in Twilight CMS 5.17 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the gallery/ page...
CVE-2009-3856
Cross-site scripting XSS vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information...
CVE-2013-4900
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c dot dot encoded backslash in a GET request...
CVE-2013-4899
Cross-site scripting XSS vulnerability in Twilight CMS 5.17 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the gallery/ page...
Cross site scripting
Cross-site scripting XSS vulnerability in Twilight CMS 5.17 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the gallery/ page...
Directory traversal
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c dot dot encoded backslash in a GET request...
CVE-2013-4899
Cross-site scripting XSS vulnerability in Twilight CMS 5.17 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the gallery/ page...
CVE-2013-4899
CVE-2013-4899 concerns Twilight CMS (v5.17 and earlier). The issue is an XSS vulnerability where user-supplied data appended to "/gallery/" is insufficiently filtered, allowing a remote attacker to inject arbitrary script via PATH_INFO and execute in the context of a logged-in user. The advisory ...
CVE-2013-4900
CVE-2013-4900 describes a directory traversal in DeWeS Web Server (0.4.2 and possibly earlier), used with Twilight CMS, allowing remote attackers to read arbitrary files via a dot-dot-encoded backslash (e.g., ..%5c) in a GET request. Connected sources confirm the vulnerable component and the expl...
Path Traversal in DeWeS Web Server (Twilight CMS)
Advisory ID: HTB23167 Product: DeWeS web server Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 0.4.2 and probably prior Tested Version: 0.4.2 Vendor Notification: July 24, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Path Traversal CWE-22 CVE Reference:...
Cross-Site Scripting (XSS) in Twilight CMS
Advisory ID: HTB23166 Product: Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 5.17 and probably prior Tested Version: 5.17 Vendor Notification: July 24, 2013 Vendor Patch: August 15, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...
Twilight CMS 5.17 Cross Site Scripting Vulnerability
Twilight CMS version 5.17 suffers from a cross site scripting vulnerability. Product: Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 5.17 and probably prior Tested Version: 5.17 Vendor Notification: July 24, 2013 Vendor Patch: August 15, 2013 Public Disclosure: August 21, 2013...
DeWeS 0.4.2 - Directory Traversal Vulnerability
Exploit for windows platform in category web applications High-Tech Bridge Security Research Lab discovered path traversal vulnerability in DeWeS web server that is supplied in package with Twilight CMS Windows version, which can be exploited to read arbitrary files on vulnerable system. 1 Path...
Twilight CMS DeWeS Web Server <= 0.4.2 Directory Traversal Vulnerability - Active Check
Twilight CMS with DeWeS Web Server is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
DeWeS 0.4.2 - Directory Traversal
Advisory ID: HTB23167 Product: DeWeS web server Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 0.4.2 and probably prior Tested Version: 0.4.2 Vendor Notification: July 24, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Path Traversal CWE-22 CVE Reference:...
DeWeS 0.4.2 - Directory Traversal
DeWeS 0.4.2 - Directory Traversal Advisory ID: HTB23167 Product: DeWeS web server Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 0.4.2 and probably prior Tested Version: 0.4.2 Vendor Notification: July 24, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Path Travers...
Twilight CMS 5.17 Cross Site Scripting
Advisory ID: HTB23166 Product: Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 5.17 and probably prior Tested Version: 5.17 Vendor Notification: July 24, 2013 Vendor Patch: August 15, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...
Twilight CMS - DeWeS Web Server Directory Traversal
source: https://www.securityfocus.com/bid/61906/info Twilight CMS is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal sequences '../' to retrieve arbitrary files in...