CVE-2011-4827

Multiple cross-site scripting XSS vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 p parameter to redirect.php and 2 box parameter to includes/TrueColorPicker/index.php, which is not properly handled in...

CVE-2011-4826

SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information...

V-CMS PHP File Upload and Execute

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

AutoSec Tools V-CMS inline_image_upload.php PHP File Upload And Execution (CVE-2011-4828)

An arbitrary file upload vulnerability has been reported in AutoSec Tools V-CMS...

V-CMS A Open Source (GNU) CushyCMS / SurrealCMS Clone Arbitrary File Upload

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

V-CMS Login Utility

This module attempts to authenticate to an English-based V-CMS login interface. It should only work against version v1.1 or older, because these versions do not have any default protections against brute forcing. This module requires Metasploit: https://metasploit.com/download Current source:...

V-CMS 1.0 File Upload

File upload vulnerability in V-CMS inlineimageupload.php Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...

V-CMS PHP File Upload And Execute

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "V-CMS PHP File...

V-CMS PHP File Upload and Execute

Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

V-CMS - Arbitrary '.PHP' File Upload / Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "V-CMS PHP File...

V-CMS PHP File Upload and Execute

This module exploits a vulnerability found on V-CMS's inline image upload feature. The problem is due to the inlineimageupload.php file not checking the file type before saving it on the web server. This allows any malicious user to upload a script such as PHP without authentication, and then...

V-CMS Multiple Vulnerabilities

V-CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2011-4827

Multiple cross-site scripting XSS vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 p parameter to redirect.php and 2 box parameter to includes/TrueColorPicker/index.php, which is not properly handled in...

CVE-2011-4828

Unrestricted file upload vulnerability in includes/inlineimageupload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/...

CVE-2011-4826

SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information...

Unrestricted file upload

Unrestricted file upload vulnerability in includes/inlineimageupload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 p parameter to redirect.php and 2 box parameter to includes/TrueColorPicker/index.php, which is not properly handled in...

Sql injection

SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information...

CVE-2011-4827

Multiple cross-site scripting XSS vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 p parameter to redirect.php and 2 box parameter to includes/TrueColorPicker/index.php, which is not properly handled in...

CVE-2011-4827

CVE-2011-4827 involves multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0. The issues occur in a) redirect.php via the p parameter and b) includes/TrueColorPicker/index.php via the box parameter, caused by improper handling in includes/TrueColorPicker/class.TrueColorPi...