EUVD-2012-1909

Malware in sbrugna...

Webfolio CMS 2.5.1 Insecure File Upload

Exploit Title: Insecure File Upload in webfolio2.5.1 Date:04 august 2015 Exploit Author: Sharankumar somana Vendor Homepage: http://webfolio-cms.sourceforge.net/ Software Link: http://sourceforge.net/projects/webfolio-cms/?source=typredirect Version: 2.5.1 Tested on: Windows 7 Insecure File Uploa...

Webfolio CMS 2.5.1 Open Redirect

Exploit Title: unvalidated Redirects and forwards in webfolio2.5.1 Date:04 august 2015 Exploit Author: Sharankumar somana Vendor Homepage: http://webfolio-cms.sourceforge.net/ Software Link: http://sourceforge.net/projects/webfolio-cms/?source=typredirect Version: 2.5.1 Tested on: Windows 7...

CVE-2012-1899

Multiple cross-site scripting XSS vulnerabilities in webfolio/admin/users/edit in Webfolio CMS 1.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 First name, 2 Last name or 3 Email required fields...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in webfolio/admin/users/edit in Webfolio CMS 1.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 First name, 2 Last name or 3 Email required fields...

CVE-2012-1899

Multiple cross-site scripting XSS vulnerabilities in webfolio/admin/users/edit in Webfolio CMS 1.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 First name, 2 Last name or 3 Email required fields...

CVE-2012-1899

Webfolio CMS 1.1.4 and earlier contains multiple XSS vulnerabilities in the admin/users/edit page. The flaw allows remote attackers to inject arbitrary web script or HTML via the First name, Last name, or Email fields. The provided sources do not specify the root cause beyond XSS, nor do they cit...

CVE-2012-1498

Multiple cross-site request forgery CSRF vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator via an add action to admin/users/add or 2 modify a web page via a save action to...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator via an add action to admin/users/add or 2 modify a web page via a save action to...

CVE-2012-1498

CVE-2012-1498 affects Webfolio CMS 1.1.4 and earlier. The issue is multiple CSRF vulnerabilities that allow remote attackers to hijack administrator authentication through (1) adding an administrator via admin/users/add and (2) modifying a web page via admin/pages/edit/web_page_name. Details spec...

CVE-2012-1498

Multiple cross-site request forgery CSRF vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator via an add action to admin/users/add or 2 modify a web page via a save action to...

Webfolio CMS 1.1.4 Cross Site Scripting

+--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : WebfolioCMS " pages - where = 1....n - due to an improper input sanitization. 3POC...