130 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2011-3783

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00283
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2011-3316

Malware in sbrugna...

CVSS 4.8 | AI score 5.2 | EPSS 0.00302
Exploits 1 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2011-0553

Malware in sbrugna...

CVSS 6.8 | AI score 6.2 | EPSS 0.00499
Exploits 1 | References 10

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-4694

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.00182
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2011-0923

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00225
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-5997

Malware in sbrugna...

CVSS 4.3 | AI score 6.2 | EPSS 0.0034
Exploits 3 | References 7

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-1752

Malware in sbrugna...

CVSS 6.8 | AI score 6.1 | EPSS 0.00109
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-4693

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00345
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2016-10635

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.03905
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-1744

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.02874
Exploits 0 | References 10

RedhatCVE
added 2025/05/22 12:29 p.m. | 6 views

CVE-2010-4729

Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions...

CVSS 6.8 | AI score 7.3 | EPSS 0.00182
Exploits 0 | References 1

Huntr
added 2022/01/17 4:52 a.m. | 8 views

Cross-site Scripting (XSS) - Stored in zikula/core

Description In zikula/core cross site scripting vulnerability is present in block modules block list description field. This commit e453ad does not properly sanitize the input. Proof of Concept login to the demo account go to blocks https://demo.ziku.la/blocks/admin/view Add payload in block list...

AI score 6.3
Exploits 0

Huntr
added 2022/01/03 2:30 a.m. | 9 views

in zikula/core

Description When sending test emails, you're able to spam a target email address with as many emails as an attacker wants to a victim's email address due to lack of rate limiting /mailer/config/test I've put together a simple Python script that exploits this and would allow you to send a custom...

AI score 7
Exploits 0

Huntr
added 2021/12/30 11:24 p.m. | 8 views

Cross-site Scripting (XSS) - Stored in zikula/core

Description When inputting a name for a module category whether editing an existing one or adding a new one, you're able to inject your own Javascript, leading to it being executed. An example payload that you can enter is: xss and then each time that you click the category to expand it, your...

Exploits 0

Huntr
added 2021/11/29 3:25 p.m. | 8 views

Cross-site Scripting (XSS) - Generic in zikula/core

Description In zikula/core cross site scripting vulnerability is present in block module description field Proof of Concept 1. login to the demo account 2. go to blocks https://demo.ziku.la/blocks/admin/view 3. Add payload in title field and save 4 payload = " Impact This vulnerability is capable...

Exploits 0

Huntr
added 2021/11/29 3:25 p.m. | 11 views

Cross-site Scripting (XSS) - Stored in zikula/core

Description In zikula/core cross site scripting vulnerability is present in block module title field Proof of Concept 1. login to the demo account 2. go to blocks https://demo.ziku.la/blocks/admin/view 3. Add payload in title field and save 4 payload = " Impact This vulnerability is capable of...

AI score 6.4
Exploits 0

Huntr
added 2021/11/29 3:7 p.m. | 8 views

Cross-site Scripting (XSS) - Reflected in zikula/core

Description In zikula/core cross site scripting vulnerability in extension list name field. Proof of Concept 1. login to the demo account 2. go to extensions https://demo.ziku.la/extensions/module/modify/3 3. Add payload in displayname field payload " Impact This vulnerability is capable of stole...

AI score 0.4
Exploits 0

Huntr
added 2021/09/20 10:49 a.m. | 9 views

Cross-site Scripting (XSS) - Stored in zikula-modules/content

Description Stored XSS in External element Feed when created Content Proof of Concept POST /content/item/edit?type=Zikula%5CContentModule%5CContentType%5CFeedType HTTP/2 Host: demo.ziku.la Cookie: zsid=5idn7q9udrp7mgirikmdlep45d User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...

AI score 6.3
Exploits 0

Huntr
added 2021/09/20 8:51 a.m. | 10 views

Cross-site Scripting (XSS) - Stored in zikula/core

Description Stored XSS in Blocks Module when Create new block with Block type ZikulaBlocksModule/Xslt Proof of Concept POST /blocks/admin/block/edit/8 HTTP/2 Host: demo.ziku.la Cookie: zsid=5idn7q9udrp7mgirikmdlep45d User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101...

AI score 6.3
Exploits 0

Huntr
added 2021/09/20 4:54 a.m. | 11 views

Cross-site Scripting (XSS) - Stored in zikula-modules/content

Description Stored XSS in Content allows for the arbitrary execution of JavaScript Proof of Concept POST /content/admin/page/edit HTTP/2 Host: demo.ziku.la Cookie: zsid=3u8efffphk5430gdmlevluk6fa User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...

AI score 0.6
Exploits 0