33 matches found
EUVD-2005-2291
Malware in sbrugna...
PHP-Nuke 8. x <= "chng_uid" blind defect and repair-vulnerability warning-the black bar safety net
Affected version: PHP-Nuke 8. x = Vulnerability description: PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and articles with users system. Each user can submit comments to discuss the articles. Main features...
PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability
PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and articles with users system. Each user can submit comments to discuss the articles. Main features include: web based admin, surveys, top page, access stats pag...
PHP-Nuke 8.x Cross Site Scripting
PHP-Nuke 8.x = Cross Site Scripting Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower are vulnerable to Cross Site Scrtipting. 2. BACKGROUND PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and articl...
PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability
PHP-Nuke 8.x = Blind SQL Injection Vulnerability 1. OVERVIEW The administration backend of PHP-Nuke 8.x is vulnerable to Blind SQL Injection. 2. BACKGROUND PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and...
PHP-Nuke 8.x <= Cross Site Scripting Vulnerability
PHP-Nuke 8.x = Cross Site Scripting Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower are vulnerable to Cross Site Scrtipting. 2. BACKGROUND PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and articl...
PHP-Nuke 8.x Cross Site Request Forgery
PHP-Nuke 8.x = Cross Site Request Forgery CSRF / Anti-CSRF Bypass Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower versions are vulnerable to Cross Site Request Forgery CSRF because its Anti-CSRF mechanism Referer Check is found to be broken. 2. BACKGROUND PHP-Nuke is a Web Portal...
PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability
PHP-Nuke 8.x = Cross Site Request Forgery CSRF / Anti-CSRF Bypass Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower versions are vulnerable to Cross Site Request Forgery CSRF because its Anti-CSRF mechanism Referer Check is found to be broken. 2. BACKGROUND PHP-Nuke is a Web Portal...
Maximus CMS (fckeditor) Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications | | /||\ / \ /===============================================================================\ |Exploit Title: maximus-cms fckeditor Arbitrary File Upload Vulnerability | |develop: http://www.php-maximus.org | |Version: Maximus 2008 CMS: Web...
Maximus CMS 1.1.2 - FCKeditor Arbitrary File Upload
Maximus CMS 1.1.2 - FCKeditor Arbitrary File Upload | | /||\ / \ /===============================================================================\ |Exploit Title: maximus-cms fckeditor Arbitrary File Upload Vulnerability | |develop: http://www.php-maximus.org | |Version: Maximus 2008 CMS: Web...
Maximus 2008 CMS Shell Upload
maximus-cms fckeditor Arbitrary File Upload Vulnerability /\ \ /\ \ /\ /\ \ \ \ \L\ \ \ /'\ /\ \ \ ,\ \ \ \ \ /\ /\ \ /'\ \ , /\ \ /' \ /' \ \ \ /\ \ \ /'\ \ \ /\ \ \ /\ /\ \ \\ \ /\ /\ /\ \L\ \ \ \ \ \ \ \ /\ / \ \ \ /\ \\ \ \ \ \ \ \ \ \ \\ \ \ \ // // //...
Maximus CMS 1.1.2 - 'FCKeditor' Arbitrary File Upload
| | /||\ / \ /===============================================================================\ |Exploit Title: maximus-cms fckeditor Arbitrary File Upload Vulnerability | |develop: http://www.php-maximus.org | |Version: Maximus 2008 CMS: Web Portal System v.1.1.2 | |Tested On: Live site | |Dork:...
PHP-Nuke管理权限泄露
PHP-Nuke Web Portal System存在一个权限确认错误,通过提交一个特殊的URL请求, 远程用户有可能获取管理员权限。 1.0/2.5 升级到PHP-Nuke 3.0: Francisco Burzi PHP-Nuke 2.5: Francisco Burzi upgrade Nuke-3.0.tar.gz http://www.ncc.org.ve/php-nuke.php3?op=download&location=http://download.sourceforge.net/phpnuke&file=PHP-Nuke-3.0.tar.gz Francisco...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 commentposter, 2 commentposteremail, 3 commentposterhomepage, and 4 commenttext...
CVE-2006-0136
Multiple cross-site scripting XSS vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 commentposter, 2 commentposteremail, 3 commentposterhomepage, and 4 commenttext...
CVE-2006-0137
CVE-2006-0137 describes an SQL injection in Chimera Web Portal System 0.2, specifically in linkcategory.php where the id parameter can be used by a remote attacker to execute arbitrary SQL commands. The linked CPAI advisories confirm the vulnerability as SQL injection in the Chimera Web Portal Sy...
CVE-2006-0136
Phanatic Software’s Chimera Web Portal System 0.2 is affected by multiple cross-site scripting (XSS) vulnerabilities in the guestbook module (modules.php). The flaw allows remote attackers to inject arbitrary script or HTML via the comment_poster, comment_poster_email, comment_poster_homepage, or...
EV0007.txt
New eVuln Advisory: Chimera Web Portal System Multiple Vulnerabilities --------------------Summary---------------- Vendor: Phanatic Softwares http://www.psoftwares.f2s.com/ Software: Chimera Web Portal System http://sourceforge.net/projects/chimera/ Versions: 0.2 Critical Level: Moderate Type:...
[eVuln] Chimera Web Portal System Multiple Vulnerabilities
New eVuln Advisory: Chimera Web Portal System Multiple Vulnerabilities --------------------Summary---------------- Vendor: Phanatic Softwares http://www.psoftwares.f2s.com/ Software: Chimera Web Portal System http://sourceforge.net/projects/chimera/ Versions: 0.2 Critical Level: Moderate Type:...
Geeklog 1.4.x Full Path Disclosure vuln.
Geeklog 1.4.x Full Path Disclosure vuln. Vuln. dicovered by : r0t Date: 28 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html Vendor:http://www.geeklog.net/ affected version:1.4.0 Beta 1 and prior Product Description: Geeklog is a Web Portal...