55 matches found
EUVD-2014-4629
Malware in sbrugna...
EUVD-2014-4123
Malware in sbrugna...
EUVD-2015-1577
Malware in sbrugna...
EUVD-2014-4124
Malware in sbrugna...
CVE-2015-1442
SQL injection vulnerability in views/zerotransactuser.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in a Modify Account action. NOTE: The articleid parameter to zeroviewarticle.ph...
Sql injection
SQL injection vulnerability in views/zerotransactuser.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in a Modify Account action. NOTE: The articleid parameter to zeroviewarticle.ph...
CVE-2015-1442
CVE-2015-1442 describes a SQL injection in ZeroCMS. Affected: ZeroCMS versions 1.3.3, 1.3.2 and earlier. Vulnerability located in views/zero_transact_user.php (administrative backend) where the user_id parameter in a Modify Account action can be exploited by remote authenticated users to execute ...
CVE-2015-1442
SQL injection vulnerability in views/zerotransactuser.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in a Modify Account action. NOTE: The articleid parameter to zeroviewarticle.ph...
ZeroCMS Multiple SQL Injection Vulnerabilities (Feb 2015)
ZeroCMS is prone to multiple sql injection vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Multiple SQL Injection Vulnerabilities in ZeroCMS
ZeroCMS is a simple content management system, built with PHP and MySQL. ZeroCMS suffers from multiple SQL injection vulnerabilities due to the program failing to properly filter user-supplied input. An attacker is allowed to exploit this vulnerability to access or modify data, or to exploit a...
Zerocms v.1.3.3 SQL Injection Vulnerability
Exploit for php platform in category web applications Zerocms = v.1.3.3 SQL injection vulnerability Affected Software: zerocms = v.1.3.3 released 23rd-Jan-2015 Vendor URL: http://aas9.in/zerocms/ Vendor Status: platform will be moving to Rails4 ========================== Vulnerability Description...
ZeroCMS 1.3.3 SQL Injection
Advisory: SQL injection vulnerabilities in zerocms = v.1.3.3 Advisory ID: SROEADV-2015-13 Author: Steffen Rösemann Affected Software: zerocms = v.1.3.3 released 23rd-Jan-2015 Vendor URL: http://aas9.in/zerocms/ Vendor Status: platform will be moving to Rails4 CVE-ID: - ==========================...
ZeroCMS 1.0 /zero_transact_user.php 跨站脚本漏洞
No description provided by source...
Cross site scripting
Cross-site scripting XSS vulnerability in zerouseraccount.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field...
CVE-2014-4710
CVE-2014-4710 affects ZeroCMS 1.0. The vulnerability is a stored XSS in the ZeroCMS component referenced as zero_user_account.php, where the Full Name field can be submitted unsafely. The root cause, as described in the source material, is that user input is unsanitized and saved in the backend d...
CVE-2014-4710
Cross-site scripting XSS vulnerability in zerouseraccount.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field...
ZeroCMS 1.0 /zero_transact_user.php 权限提升漏洞
No description provided by source...
ZeroCMS 1.0 - Persistent Cross-Site Scripting Vulnerability
No description provided by source. Exploit Title: Persistent ZeroCMS Cross-Site Scripting Vulnerability Discovered by: Mayuresh Dani Vendor Homepage: http://www.aas9.in/zerocms/ Software Link: https://github.com/pcx1256/zerocms/archive/master.zip Version: 1.0? Date: 2014-07-25 Tested on: Windows ...
ZeroCMS 1.0 Cross Site Scripting
Exploit Title: Persistent ZeroCMS Cross-Site Scripting Vulnerability Discovered by: Mayuresh Dani Vendor Homepage: http://www.aas9.in/zerocms/ Software Link: https://github.com/pcx1256/zerocms/archive/master.zip Version: 1.0? Date: 2014-07-25 Tested on: Windows 7 / Mozilla Firefox Ubuntu 14.04 /...
ZeroCMS 1.0 - Persistent Cross-Site Scripting
ZeroCMS 1.0 - Persistent Cross-Site Scripting Exploit Title: Persistent ZeroCMS Cross-Site Scripting Vulnerability Discovered by: Mayuresh Dani Vendor Homepage: http://www.aas9.in/zerocms/ Software Link: https://github.com/pcx1256/zerocms/archive/master.zip Version: 1.0? Date: 2014-07-25 Tested o...