12 matches found
EUVD-2008-2132
Malware in sbrugna...
VisualShapers ezContents 1.4.5 File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26737/info VisualShapers ezContents is prone to a vulnerability that allows remote attackers to display the contents of arbitrary local files in the context of the webserver process. An attacker can exploit this issue to...
VisualShapers ezContents <= 2.0.3 Authentication Bypass and Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/37858/info VisualShapers ezContents is prone to an authentication-bypass vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL quer...
VisualShapers EZContents 1.4/2.0 Module.PHP Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9396/info A problem in handling of specific types of input passed to the module.php script in VisualShapers ezContents has been discovered. Because of this, an attacker may be able to gain unauthorized access to vulnerabl...
VisualShapers EzContents 2.0.3 Loginreq2.PHP Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19780/info ezContents is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. An attacker may leverage this issue to have arbitrary script code...
VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injections
source: https://www.securityfocus.com/bid/37858/info VisualShapers ezContents is prone to an authentication-bypass vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...
CVE-2008-2135
CVE-2008-2135 affects VisualShapers ezContents 2.0.0. The vulnerability is described as multiple SQL injection flaws in showdetails.php (parameter: contentname) and printer.php (parameter: article), allowing remote attackers to construct arbitrary SQL commands. The NVD entry lists a HIGH base sco...
CVE-2008-2135
Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the 1 contentname parameter to showdetails.php and the 2 article parameter to printer.php...
Visualshapers EzContents GLOBALS[rootdp]远程文件包含漏洞
Visualshapers EzContents是一款基于PHP的内容管理程序。 Visualshapers EzContents不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于多个脚本对用户提交的WEB参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 VisualShapers ezContents 2.0.3 漏洞提供者 DarkFig...
CVE-2003-1214
Unknown vulnerability in the server login for VisualShapers ezContents 2.02 and earlier allows remote attackers to bypass access restrictions and gain access to restricted functions...
VisualShapers EZContents 1.x/2.0 - 'db.php' Arbitrary File Inclusion
source: https://www.securityfocus.com/bid/9638/info It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the 'GLOBALSrootdp' and 'GLOBALSlanguagehome' variables in the 'db.php' and...
VisualShapers EZContents 1.42.0 - module.php Remote Command Execution
VisualShapers EZContents 1.42.0 - module.php Remote Command Execution source: https://www.securityfocus.com/bid/9396/info A problem in handling of specific types of input passed to the module.php script in VisualShapers ezContents has been discovered. Because of this, an attacker may be able to...