CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

Dsquare•added 2012/04/19 12:0 a.m.•58 views

V-CMS 1.0 File Upload

File upload vulnerability in V-CMS inlineimageupload.php Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...

7.5CVSS0.5AI score0.79686EPSS

Exploits6References2

Prion•added 2011/12/15 3:57 a.m.•10 views

Unrestricted file upload

Unrestricted file upload vulnerability in includes/inlineimageupload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/...

7.5CVSS8.2AI score0.79686EPSS

Exploits6References5Affected Software1

CVE•added 2011/12/15 2:0 a.m.•48 views

CVE-2011-4827

CVE-2011-4827 involves multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0. The issues occur in a) redirect.php via the p parameter and b) includes/TrueColorPicker/index.php via the box parameter, caused by improper handling in includes/TrueColorPicker/class.TrueColorPi...

4.3CVSS5.9AI score0.00322EPSS

Exploits1References3Affected Software1

CVE•added 2011/12/15 2:0 a.m.•152 views

CVE-2011-4828

CVE-2011-4828 affects AutoSec Tools V-CMS 1.0, specifically the inline_image_upload.php file upload feature. An unrestricted file upload allows remote attackers to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in tem...

7.5CVSS7.8AI score0.79686EPSS

Exploits6References5Affected Software1

CVE•added 2011/12/15 2:0 a.m.•46 views

CVE-2011-4826

CVE-2011-4826 affects AutoSec Tools V-CMS 1.0. The vulnerability is an SQL injection in session.php exploitable via the user parameter to process.php, enabling remote attackers to execute arbitrary SQL commands. Multiple connected sources corroborate this flaw (including Red Hat, NVD, and OpenVAS...

6.8CVSS8.6AI score0.00393EPSS

Exploits1References3Affected Software1

Packet Storm•added 2011/11/17 12:0 a.m.•19 views

V-CMS 1.0 Cross Site Scripting

------------------------------------------------------------------------ Software................V-CMS 1.0 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://v-cms.org/ Discovery Date..........11/13/2011 Tested...

7.4AI score

Exploits0

Packet Storm•added 2011/11/17 12:0 a.m.•33 views

V-CMS 1.0 Shell Upload

------------------------------------------------------------------------ Software................V-CMS 1.0 Vulnerability...........Arbitrary Upload Threat Level............Very Critical 5/5 Download................http://v-cms.org/ Discovery Date..........11/13/2011 Tested On...............Window...

7.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by