8 matches found
Nodes Studio CMS XSS / Path Disclosure / SQL Injection
Hello list! There are SQL Injection, Cross-Site Scripting and Full Path Disclosure vulnerabilities in Nodes Studio CMS. This is Russian commercial CMS, which I found at one site of Russian terrorists and propagandists. ------------------------- Affected vendors: ------------------------- Nodes...
SQL Injection vulnerability in Soltech.CMS
Hello 3APA3A! There is SQL Injection vulnerability in Soltech.CMS. This is commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are Soltech.CMS v 0.4 and previous versions. ------------------------- Affected vendors: ------------------------- Soltech...
Уязвимости в LIOOSYS CMS
Здравствуйте 3APA3A! Сообщаю вам о SQL Injection и Information Leakage уязвимостях в LIOOSYS CMS. Это польская коммерческая CMS. SQL Injection WASC-19: http://site/index.php?id=-120union20select201,version,3,4,5/ Information Leakage WASC-13: http://site/files/db.log Утечка лога ошибок запросов к...
Zeema CMS Cross Site Scripting / SQL Injection
Hello list! I want to warn you about Cross-Site Scripting, SQL Injection and Information Leakage vulnerabilities in Zeema CMS. It's Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are all versions of Zeema CMS. ---------- Details:...
AWStats 7.0 / 6.0 SQL Injection / Cross Site Scripting / CRLF Injection
Hello list! I want to warn you about multiple security vulnerabilities in AWStats. These are Cross-Site Scripting, Redirector, SQL Injection, HTTP Response Splitting and CRLF Injection vulnerabilities in AWStats in awredir. ------------------------- Affected products: -------------------------...
XSS, SQL Injection и SQL DB Structure Extraction уязвимости в Cetera eCommerce
Здравствуйте 3APA3A! Сообщаю вам о найденных мною новых Cross-Site Scripting, SQL Injection и SQL DB Structure Extraction уязвимостях в Cetera eCommerce. XSS WASC-08 также работают в версии 15.0: http://site/catalog/3Cscript3Ealertdocument.cookie3C/script3E/...
Fabrica Engine 2.1 Cross Site Scripting / Denial Of Service / SQL Injection
Hello Bugtraq! I want to warn you about Cross-Site Scripting, Denial of Service and SQL Injection vulnerabilities in Fabrica Engine which I found in 2008 and 2009 at web site of one online shop. It's commercial engine for online shops. SecurityVulns ID: 11274. ------------------------- Affected...
CMS Mysite Cross Site Scripting / SQL Injection
Hello Full-Disclosure! I want to warn you about Full path disclosure, Cross-Site Scripting and SQL Injection vulnerabilities in CMS MYsite. It's Ukrainian commercial CMS. Full path disclosure WASC-13: http://site/portal/modules.php?name=Ads XSS WASC-08:...