31 matches found
EUVD-2012-3209
Malware in sbrugna...
CVE-2012-3232
Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter...
web@all CMS 2.0 - Multiple Vulnerabilities
No description provided by source. web@all CMS 2.0 order SQL Injection Vulnerability Vendor: web@all Product web page: http://www.webatall.org Affected version: 2.0 Summary: web@all is a PHP content management system (CMS). If you know about it, you nearly can use it to do anything. Desc: The...
Web@all <= 1.1 - Remote Admin Settings Change
No description provided by source. Web@all = 1.1 Remote Admin Settings Change Author: giudinvx Email: giudinvxatgmaildotcom Date: 27/12/2010 Site: http://www.giudinvx.altervista.org/...
web@all - Local File Inclusion / Multiple Arbitrary File Upload Vulnerabilities
source: https://www.securityfocus.com/bid/55426/info web@all is prone to a local file-include vulnerability and multiple arbitrary file-upload vulnerabilities. An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of t...
web@all - Local File Inclusion Multiple Arbitrary File Upload Vulnerabilities
web@all - Local File Inclusion Multiple Arbitrary File Upload Vulnerabilities source: https://www.securityfocus.com/bid/55426/info web@all is prone to a local file-include vulnerability and multiple arbitrary file-upload vulnerabilities. An attacker can exploit these issues to upload arbitrary...
Web@All CMS 2.0 Shell Upload / Local File Inclusion
web@all CMS 2.0 - Multiple Vulnerabilities
web@all CMS 2.0 - Multiple Vulnerabilities web@all CMS 2.0 order SQL Injection Vulnerability Vendor: web@all Product web page: http://www.webatall.org Affected version: 2.0 Summary: web@all is a PHP content management system (CMS). If you know about it, you nearly can use it to do anything. Desc: Th...
web@all CMS 2.0 - Multiple Vulnerabilities
web@all CMS 2.0 order SQL Injection Vulnerability Vendor: web@all Product web page: http://www.webatall.org Affected version: 2.0 Summary: web@all is a PHP content management system (CMS). If you know about it, you nearly can use it to do anything. Desc: The application suffers from an SQL Injection...
web@all CMS 2.0 SQL Injection
web@all CMS 2.0 order SQL Injection Vulnerability Vendor: web@all Product web page: http://www.webatall.org Affected version: 2.0 Summary: web@all is a PHP content management system (CMS). If you know about it, you nearly can use it to do anything. Desc: The application suffers from an SQL Injection...
web@all CMS 2.0 Multiple Remote XSS Vulnerabilities
Summary web@all is a PHP content management system (CMS). If you know about it, you nearly can use it to do anything. Description web@all CMS suffers from multiple stored and reflected cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several...
web@all CMS 2.0 (_order) SQL Injection Vulnerability
Summary web@all is a PHP content management system (CMS). If you know about it, you nearly can use it to do anything. Description The application suffers from an SQL Injection vulnerability. Input passed via the GET parameter 'order' is not properly sanitised before being returned to the user or use...
web@all CMS 2.0 Cross Site Scripting
web@all CMS 2.0 Multiple Remote XSS Vulnerabilities Vendor: web@all Product web page: http://www.webatall.org Affected version: 2.0 Summary: web@all is a PHP content management system (CMS). If you know about it, you nearly can use it to do anything. Desc: web@all CMS suffers from multiple stored an...
web@all - name Cross-Site Scripting
web@all - name Cross-Site Scripting source: https://www.securityfocus.com/bid/54466/info web@all is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
web@all - 'name' Cross-Site Scripting
source: https://www.securityfocus.com/bid/54466/info web@all is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
Cross site scripting
Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter...
CVE-2012-3232
The CVE-2012-3232 entry relates to web@all 2.0. Affected component: search.php; vulnerability types: CSRF (CVE-2012-3231) and XSS (CVE-2012-3232). Root cause: input passed via the GET parameter _text[title] is not properly sanitized, allowing an attacker to inject arbitrary HTML/script in the use...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary...
CVE-2012-3231
CVE-2012-3231 affects web@all 2.0. The CSRF vulnerability resides in actions performed via HTTP requests to inc/browser/action.php (do_addfile), allowing an attacker to use an authenticated administrator's session to add, delete, or modify sensitive data. A PoC demonstrates how an attacker could forge a request to create an ...
Multiple vulnerabilities in web@all
Advisory ID: HTB23094 Product: web@all Vendor: webatall.org Vulnerable Versions: 2.0 downloaded before 30th of May 2012; prior versions may also be vulnerable Tested Version: 2.0 downloaded on 25th of May 2012 Vendor Notification: 30 May 2012 Vendor Patch: 30 May 2012 Public Disclosure: 20 June...