CMS Pylot Cross Site Request Forgery / Cross Site Scripting

Hello list! These are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in CMS Pylot "Ïèëîò" on Russian. It's Ukrainian commercial CMS from Delta-X. ------------------------- Affected products: ------------------------- Vulnerable are all versions of CMS Pylot. Developers from...

Zeema CMS Cross Site Scripting / Path Disclosure

Hello list! I want to warn you about Brute Force, Cross-Site Scripting and Full path disclosure vulnerabilities in Zeema CMS. It's Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are all versions of Zeema CMS. ---------- Details:...

Уязвимости в Artefact St. CMS

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Brute Force и Full path disclosure уязвимостях в системе Artefact St. CMS. Это украинская коммерческая CMS. XSS WASC-08: http://site/search/?s=3Cscript3Ealertdocument.cookie3C/script3E Brute Force WASC-11: http://site/admin/...

XSS, AoF и IAA уязвимости в MC Content Manager

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting уязвимостях в системе MC Content Manager. Это украинская коммерческая CMS. XSS WASC-08: Уязвимости на страницах регистрации и восстановления пароля. http://websecurity.com.ua/uploads/2011/MC20Content20Manager20XSS.html...

MC Content Manager Cross Site Scripting

Hello list! I want to warn you about Cross-Site Scripting vulnerabilities in MC Content Manager. It's Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are previous versions of MC Content Manager before version v.10.1.1. ---------- Details...

Full path disclosure и SQL Injection уязвимости в MC Content Manager

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Full path disclosure и SQL Injection уязвимостях в системе MC Content Manager. Это украинская коммерческая CMS. Full path disclosure WASC-13: http://site/article.php?root=a SQL Injection WASC-19: http://site/article.php?root=-120and20version=4...

Vulnerabilities in MC Content Manager

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting, Brute Force и Full path disclosure уязвимостях в MC Content Manager. Это украинская коммерческая CMS. XSS WASC-08: http://site/cms/’;alertdocument.cookie;/ Brute Force WASC-11: http://site/admin/ Full path disclosure WASC-13:...

MC Content Manager 10.1.1 Cross Site Scripting / Path Disclosure

Hello list! I want to warn you about Cross-Site Scripting, Brute Force and Full path disclosure vulnerabilities in MC Content Manager. It's Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are potentially all versions of MC Content Manage...

AltConstructor Cross Site Scripting

Hello Full-Disclosure! I want to warn you about Cross-Site Scripting and Brute Force vulnerabilities in AltConstructor. It's Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are all versions of CMS AltConstructor, before version released ...

IB Promotion Advanced Business Web Suite Cross Site Scripting

Hello Bugtraq! I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in IB Promotion Advanced Business Web Suite. It's Ukrainian commercial CMS. XSS WASC-08: http://site/search/?qs=’;alertdocument.cookie;// It's DOM Based XSS. Insufficient Anti-automation...

eSitesBuilder Cross Site Scripting / Path Disclosure / SQL Injection

Hello Full-Disclosure! I want to warn you about multiple vulnerabilities in eSitesBuilder. After previous vulnerabilities in eSitesBuilder SecurityVulns ID:10940, which I wrote earlier in June, there are Insufficient Anti-automation, Cross-Site Scripting, SQL Injection and Full path disclosure...

Vulnerability in ArtDesign CMS

Здравствуйте 3APA3A! Сообщаю вам о найденной мною SQL Injection уязвимости в ArtDesign CMS. Это украинская коммерческая CMS. SQL Injection: http://site/news.php?ch=id&id=-1'20or20version=5/ Дополнительная информация о данной уязвимости у меня на сайте: http://websecurity.com.ua/4035/ Best wishes ...

CMS SiteLogic SQL Injection

Hello Bugtraq! I want to warn you about security vulnerabilities in CMS SiteLogic. It's Ukrainian commercial CMS. ----------------------------- Advisory: Vulnerabilities in CMS SiteLogic ----------------------------- URL: http://websecurity.com.ua/3935/ ----------------------------- Affected...

Abton CMS SQL Injection

Hello Full-Disclosure! I want to warn you about vulnerabilities in Abton. It's commercial Ukrainian CMS. ----------------------------- Advisory: Vulnerabilities in Abton ----------------------------- URL: http://websecurity.com.ua/2886/ ----------------------------- Timeline: 31.03.2008 - found t...

Hydra CMS Cross Site Scripting / SQL Injection Vulnerabilities

Exploit for unknown platform in category web applications ============================================================== Hydra CMS Cross Site Scripting / SQL Injection Vulnerabilities ============================================================== Hello Full-Disclosure! I want to warn you about...

Hydra CMS SQL Injection / Cross Site Scripting

Hello Full-Disclosure! I want to warn you about vulnerabilities in Hydra Engine. It's commercial Ukrainian CMS. ----------------------------- Advisory: Vulnerabilities in Hydra Engine ----------------------------- URL: http://websecurity.com.ua/3453/ ----------------------------- Timeline:...

Vulnerabilities in Hydra Engine

Здравствуйте 3APA3A! Сообщаю вам о Full path disclosure, SQL Injection и Cross-Site Scripting уязвимостях в системе Hydra Engine. Это украинская CMS. Full path disclosure: http://site/search/’/ SQL Injection: http://site/search/'20and20version3E5--20/ XSS:...