content management system
Introduction
============
Mambo CMS is a popular Content Management System.
Security Risk
=============
It is possible to manipulate administrator interface cookies, which may be used to impersonate a legitimate user, allowing the attacker to view or alter user records, and to perform transactions as that user.
###################################################################################
####################
1. Description:
####################
QuickerSite is a Content Management System for Windows Servers. It is written in ASP/VBScript with an optional pinch of ASP.NET for true image-resizing capabilities. QuickerSite ships with an Access database, with the option to upsize to SQL Server 2000/2005 for busy sites (>1000 visitors/day).
####################
2. Vulnerabilities:
####################
2.1. Insecure Direct Object Reference [in "bs_login.asp"]. Anyone can change the admin password.
2.1.1. Exploit:
PHPKIT WCMS 1.6.5
Prior versions may also be vulnerable
Description
=============
"PHPKIT WCMS is a Content Management System."
More Details
=============
We at MajorSecurity have discovered some vulnerabilities in PHPKIT WCMS 1.6.5, which can be exploited by malicious people to conduct persistent cross-site scripting attacks. Input passed directly to the "gbook_welcome" parameter in "/de/pk/include.php?path=config&mode=guestbook" and to the "rss_page_text" parameter in "/de/pk/include.php?path=config&mode=rssfeed" is not properly sanitised before being stored and returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
05 December 2007 -- Fix Released
10 December 2007 -- Public Disclosure
What is Falt4Extreme
------------------------
Falt4 CMS is a business-approved Content Management System (CMS) under the LGPL. The CMS is feature-rich and has a clean administration area. The ultimate CMS with functions for the professional, usable by everyone. CMS modules are available.
Overview of Vulnerabilities
------------------------
The script is vulnerable to both XSS and Blind SQL Injection attacks.
####################
- Description:
####################
SASPCMS is an ASP Content Management System which uses MSSQL
and Microsoft Access as its backend database.
####################
- Vulnerability:
####################
Where: From remote
======================================================================
3) Vendor's Description of Software
"TomatoCMS is an impressive, powerful Content Management System. It's
free and open source licensed under GNU GPL."
Product Link:
http://tomatocms.com/
# Contact: 0in(dot)email[at]gmail(dot)com
#--------------------------------------------------------
# Greetings to: Die_Angel,suN8Hclf,m4r1usz,djlinux,doctor
#--------------------------------------------------------
# Description:
# Smeego is a Content Management System or Portal
# System written in PHP and designed to be
# easy to install and use. Smeego has a mature code
# and comes with cool modules and themes
# for you to start your own dynamic and database
# driven website. Bla bla Bla [...]
Joomla HBS (Joomla Hotel Booking System) was designed to simplify the task of online booking in Joomla Content Management Website.
It provides users a unique, intuitive and easy to use interface that improves the way people use the web today.
Joomla Hotel Booking System (Joomla HBS) enhances the entire Hotel Booking web experience in Joomla!.
It's flexible, simple, elegant, customizable and powerful. Joomla HBS is easy to install, simple to manage and reliable.
Joomla HBS is a hotel booking / reservation system to be used together with the Content Management System (CMS) called Joomla!.
Joomla and Joomla HBS are written in PHP and made for easy use in a PHP / MySQL environment.
--------------------------------------------------------------------------
Vulnerability:
22 December 2007 -- New Release
22 December 2007 -- Advisory Released
What is TikiWiki
------------------------
Tikiwiki (Tiki) is your Groupware/CMS (Content Management System) solution. Tiki has the features you need:
Wikis (like Mediawiki), Forums (like phpBB), Blogs (like WordPress), Articles (like Digg), Image Gallery (like Flickr), Map Server (like Google Maps), Link Directory (like DMOZ), Translation and i18n (like Babel Fish), Free (LGPL) and much more...
Vulnerability Overview
------------------------
The script is vulnerable to XSS attacks.
>> Program description (by the author website) <<
The Gemini Portal 4 is the most scalable, dynamic, and powerful content
management system there is. It is perfect for large business network services,
to the simple personal web site for use with PHP and MySQL. The Gemini
Portal is a dynamic content management system. It is ideal for any size
community, allowing users, moderators, limited admins, and global admins to log
in. Many of the built-in pages use the dynamic database file system (ArzFS)
to manipulate files and folders.
Introduction
============
Joomla CMS is a popular Content Management System.
Security Risk
=============
It is possible to manipulate administrator interface cookies, which may be used to impersonate a legitimate user, allowing the attacker to view or alter user records, and to perform transactions as that user.
LightNEasy - HTML Injection Vulnerability
Version Affected: 2.2.2 (15th January 2009) (newest)
Info: LightNEasy, a simple and light Content Management System and Website Builder
Credits: InterN0T
External Links:
http://lightneasy.org/
Trustwave's SpiderLabs Security Advisory TWSL2012-001:
Cross-Site Scripting Vulnerability in Textpattern Content Management System
Published: 1/03/12
Version: 1.0
Vendor: Textpattern (http://textpattern.com/)
Product: Textpattern
Version affected: 4.4.1 before change set 3612
Introduction:
=============
appRain is one of the first officially released open-source Content Management Frameworks (CMF).
CMF is a new web engineering concept where a CMS (Content Management System) and a Framework
work together to produce endless varieties of output in a very limited time.
appRain is published with many extensive features to reduce development time.
It satisfies both clients and developers with safe, quality output.
Introduction:
=============
It is a website Content Management System that is built with Codecharge Studio. There will also be a
commercial package, which contains all source code AND the Codecharge Studio project files.
More information on Codecharge Studio can be found on the website of Yessoftware.
Currently the CMS includes the following modules:
-----------------------------------------------------------------------------------------------
References:
[1] High-Tech Bridge Advisory HTB23089 - https://www.htbridge.com/advisory/HTB23089 - Multiple vulnerabilities in Pligg CMS.
[2] Pligg CMS - http://pligg.com - Pligg is an open source CMS (Content Management System) that you can download and use for free.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
-----------------------------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.
-----------------------------------------------------------------------------------------------
References:
[1] High-Tech Bridge Advisory HTB23072 - https://www.htbridge.ch/advisory/HTB23072 - Multiple vulnerabilities in LEPTON.
[2] LEPTON - http://www.lepton-cms.org/ - LEPTON is an easy-to-use but full customizable Content Management System (CMS).
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
-----------------------------------------------------------------------------------------------
High
Details:
========
A remote SQL Injection vulnerability was detected in the Netjukes v1.0 RC1 Content Management System.
The vulnerability allows a remote attacker or a local low-privileged user account to inject and execute their own SQL commands
against the affected application's DBMS. Successful exploitation of the vulnerability results in DBMS and application compromise.
The vulnerability is located in the search module of the web application.
Vulnerable Module(s):
============
http://www.i-s-o.org/security.txt
Introduction
============
eXV2.de CMS is a Content Management System.
More Details
============
1. Cross Site Scripting:
Input passed directly to the "set_lang" parameter in the Browser Cookie is not properly sanitised before being returned to the user.
Hello Bugtraq!
I want to warn you about security vulnerabilities in the system CCMS - Clan
Content Management System.
In this advisory I continue to inform readers of mailing lists about
vulnerable web applications which are using CaptchaSecurityImages.php. If
you read Bugtraq you could see the letter, from which it's clearly seen that
web developers ignore the advisory about holes in CaptchaSecurityImages.php
itself, and only pay attention to advisories about their specific web
CVE: not assigned
---[ Software Description ]
UMI.CMS is a content management system (CMS) software, usually implemented as a Web application, for creating and managing HTML content. It is used to manage and control a large, dynamic collection of Web material (HTML documents and their associated images).
---[ Vulnerability Description ]
Positive Technologies Research Team has discovered a Cross-Site Scripting (XSS) vulnerability in UMI.CMS.
###################################################################################
####################
1. Description:
####################
ACADEMIC WEB TOOLS (AWT) yektaweb is a Persian content management system (CMS) which can manage university conferences and journals too.
####################
2. Vulnerabilities:
####################
2.1. Directory Traversal in "/download.php" in "dfile" parameter.
2.1.1. Exploit:
####################
- Description:
####################
BloofoxCMS is a free open source content management system (CMS).
####################
- Vulnerability:
####################
####################
- Description:
####################
Pluck is a content management system, written in PHP.
####################
- Vulnerability:
####################
- Elxis CMS
[Vendor Product Description]
- Elxis is a powerful open source content management system (CMS)
released for free under the GNU/GPL license. It has unique
multi-lingual features, it follows W3C standards, it is secure,
flexible, easy to use, and modern. The development team, Elxis Team,
paid extra attention to the optimization of the CMS for the search
engines and this led to high performance of all Elxis-powered web
PR08-02: Plone CMS Security Research: the Art of Plowning
Product description:
Plone is a ready-to-run content management system built on the powerful,
and free, Zope application server. Plone is easy to set up, extremely
flexible, and provides you with a system for managing web content that
is ideal for project groups, communities, web sites, extranets and
intranets.
============
http://www.majorsecurity.de/index_2.php?major_rls=major_rls53
Introduction
============
BLUEPAGE CMS is an easy to handle content management system.
More Details
============
1. Cross Site Scripting:
Vendor: Mansion Productions
Vendor homepage: http://www.mansionproductions.com/
Software homepage: http://www.mansionproductions.com/mas/
Description:
MAS is a leading content management system (CMS) specially designed
for managing adult-oriented sites. It is used on many major adult
sites around the world.
----------------------------------------------------------------------
============================================ nsec.ir ============================================
Description:
------------------
YEKTAWEB Academic Web Tools is a Persian Content Management System (CMS) for managing university
affairs such as conferences and journals.
The built-in filter of this package cannot prevent XSS attacks via some parameters.