Lucene search
K

76 matches found

CNVD
CNVD
added 2015/02/13 12:0 a.m.38 views

u5CMS 'u5admin/deletefile.php' directory traversal vulnerability

u5CMS is a content management system CMS based on PHP, MySQL and Apache for medium-sized websites, conferences, audit processes, PayPal payments and online surveys. The system supports WYSIWYG editor, creating survey forms and data storage. A directory traversal vulnerability exists in the u5CMS...

6.4CVSS7.1AI score0.07268EPSS
Exploits2References1
CNVD
CNVD
added 2015/02/13 12:0 a.m.33 views

u5CMS Cross-Site Scripting Vulnerability

u5CMS is a content management system CMS based on PHP, MySQL and Apache for medium-sized websites, conferences, audit processes, PayPal payments and online surveys. The system supports WYSIWYG editor, creating survey forms and data storage. A cross-site scripting vulnerability exists in u5CMS. Th...

4.3CVSS6.1AI score0.03284EPSS
Exploits2References1
NVD
NVD
added 2015/02/11 7:59 p.m.31 views

CVE-2015-1578

Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 1 pidvesa cookie to u5admin/pidvesa.php or 2 uri parameter to u5admin/meta2.php...

5.8CVSS6.8AI score0.06559EPSS
Exploits2References2
NVD
NVD
added 2015/02/11 7:59 p.m.31 views

CVE-2015-1576

Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to 1 copy2.php, 2 localize.php, 3 metai.php, 4 nc.php, 5 new2.php, or 6 rename2.php in u5admin/; 7 c parameter to u5admin/editor.php; 8 typ parameter to...

7.5CVSS8.5AI score0.02125EPSS
Exploits2References2
NVD
NVD
added 2015/02/11 7:59 p.m.28 views

CVE-2015-1575

Multiple cross-site scripting XSS vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the 1 c, 2 i, 3 l, or 4 p parameter to index.php; the 5 a or 6 b parameter to u5admin/cookie.php; the name parameter to 7 copy.php or 8 delete.php in u5admin/;...

4.3CVSS5.7AI score0.03284EPSS
Exploits2References3
Prion
Prion
added 2015/02/11 7:59 p.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the 1 c, 2 i, 3 l, or 4 p parameter to index.php; the 5 a or 6 b parameter to u5admin/cookie.php; the name parameter to 7 copy.php or 8 delete.php in u5admin/;...

4.3CVSS6AI score0.03284EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2015/02/11 7:59 p.m.13 views

Sql injection

Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to 1 copy2.php, 2 localize.php, 3 metai.php, 4 nc.php, 5 new2.php, or 6 rename2.php in u5admin/; 7 c parameter to u5admin/editor.php; 8 typ parameter to...

7.5CVSS9.2AI score0.02125EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2015/02/11 7:59 p.m.21 views

Open redirect

Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 1 pidvesa cookie to u5admin/pidvesa.php or 2 uri parameter to u5admin/meta2.php...

5.8CVSS7.3AI score0.06559EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2015/02/11 7:0 p.m.36 views

CVE-2015-1575

Multiple cross-site scripting XSS vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the 1 c, 2 i, 3 l, or 4 p parameter to index.php; the 5 a or 6 b parameter to u5admin/cookie.php; the name parameter to 7 copy.php or 8 delete.php in u5admin/;...

5.7AI score0.03284EPSS
Exploits2References3
Cvelist
Cvelist
added 2015/02/11 7:0 p.m.34 views

CVE-2015-1578

Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 1 pidvesa cookie to u5admin/pidvesa.php or 2 uri parameter to u5admin/meta2.php...

6.8AI score0.06559EPSS
Exploits2References2
Cvelist
Cvelist
added 2015/02/11 7:0 p.m.32 views

CVE-2015-1576

Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to 1 copy2.php, 2 localize.php, 3 metai.php, 4 nc.php, 5 new2.php, or 6 rename2.php in u5admin/; 7 c parameter to u5admin/editor.php; 8 typ parameter to...

8.5AI score0.02125EPSS
Exploits2References2
CVE
CVE
added 2015/02/11 7:0 p.m.60 views

CVE-2015-1578

CVE-2015-1578 affects u5CMS prior to 3.9.4, where Open Redirect flaws exist in u5admin/pidvesa.php (pidvesa cookie) and u5admin/meta2.php (uri parameter). An attacker can redirect users to arbitrary sites, enabling phishing attempts. Remediation per the sources is to update to 3.9.4 (latest versi...

5.8CVSS7AI score0.06559EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2015/02/11 7:0 p.m.29 views

CVE-2015-1577

Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a 1 .. dot dot or 2 full pathname in the f parameter...

6.8AI score0.07268EPSS
Exploits2References3
CVE
CVE
added 2015/02/11 7:0 p.m.59 views

CVE-2015-1575

CVE-2015-1575 affects u5CMS before 3.9.4, with multiple XSS paths due to insufficient input filtering on numerous parameters across index.php, u5admin/* scripts, and related pages. The underlying issue is failure to adequately sanitize inputs (e.g., c, i, l, p, a, b, name, f, typ, n, c, uri, newn...

4.3CVSS5.8AI score0.03284EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2015/02/11 7:0 p.m.63 views

CVE-2015-1576

CVE-2015-1576 affects u5CMS prior to 3.9.4, with multiple SQL injection flaws disclosed in scripts such as copy2.php, localize.php, metai.php, nc.php, new2.php, rename2.php (name parameter), editor.php (c parameter), meta2.php (typ parameter), and rename2.php (newname parameter). The root cause i...

7.5CVSS8.8AI score0.02125EPSS
Exploits2References2Affected Software1
Kaspersky
Kaspersky
added 2015/02/11 12:0 a.m.45 views

KLA10500 Multiple vulnerabilities in u5CMS

Multiple serious vulnerabilities have been found in u5CMS. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute or inject arbitrary code and write local files. Below is a complete list of vulnerabilities 1. Open redirect vulnerabilities can be exploited...

7.5CVSS7.6AI score0.07268EPSS
Exploits8References2
0day.today
0day.today
added 2015/02/10 12:0 a.m.22 views

u5CMS 3.9.3 - Multiple SQL Injection Vulnerabilities

Exploit for php platform in category web applications u5CMS 3.9.3 Multiple SQL Injection Vulnerabilities Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized websites, conferenc...

7.1AI score
Exploits0
0day.today
0day.today
added 2015/02/10 12:0 a.m.13 views

u5CMS 3.9.3 - Multiple Stored And Reflected XSS Vulnerabilities

Exploit for php platform in category web applications u5CMS 3.9.3 Multiple Stored And Reflected XSS Vulnerabilities Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized websites...

7.1AI score
Exploits0
0day.today
0day.today
added 2015/02/10 12:0 a.m.17 views

u5CMS 3.9.3 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications u5CMS 3.9.3 thumb.php Local File Inclusion Vulnerability Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized websites,...

7.1AI score
Exploits0
0day.today
0day.today
added 2015/02/10 12:0 a.m.17 views

u5CMS 3.9.3 - Arbitrary File Deletion Vulnerability

Exploit for php platform in category web applications u5CMS 3.9.3 deletefile.php Arbitrary File Deletion Vulnerability Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized...

7.1AI score
Exploits0
Rows per page
Query Builder