AmnPardaz Security Research Team
########################## www.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: Pluck Local File inclusion
# Vendor: http://www.pluck-cms.org
# Bug: Local File Inclusion
# Vulnerable Version: 4.5.1 (prior versions also may be affected)
# Exploitation: Remote with browser
# Fix: N/A
########################## www.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: Enthusiast 3 Remote Code Execution
# Vendor: http://scripts.indisguise.org/enthusiast/
# Bug: File Inclusion
# Vulnerable Version: 3.1.4 (prior versions also may be affected)
# Exploitation: Remote with browser
# Fix: N/A
########################## WwW.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: Bitweaver R2 CMS
# Vendor: http://www.bitweaver.org
# Bugs: source code disclosure, arbitrary file upload
# Vulnerable Version: 2 (prior versions also may be affected)
# Exploitation: Remote with browser
########################## WwW.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: Mambo Vulnerabilities
# Vendor: http://mamboserver.com
# Bugs: Path Disclosure, XSS, XSRF, DOS
# Vulnerable Version: 4.6.3 (prior versions also may be affected)
# Exploitation: Remote with browser
# Fix Available: No!
########################## www.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: phpList Local File inclusion
# Vendor: http://www.phplist.com
# Bug: Local File Inclusion
# Vulnerable Version: 2.10.8 (prior versions also may be affected)
# Exploitation: Remote with browser
# Fix: N/A
########################## WwW.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: Bloofox CMS Vulnerabilities
# Vendor: http://www.bloofox.com
# Bugs: SQL Injection (Authentication bypass), Source code disclosure
# Vulnerable Version: 0.3 (prior versions also may be affected)
# Exploitation: Remote with browser
# Fix Available: No!
##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: ezContents CMS Multiple Vulnerabilities
# Vendor: http://ezcontents.org/
# Vulnerable Version: 2.0.3 (and prior versions)
# Exploitation: Remote with browser
# Fix: N/A
###################################################################################
########################## WwW.BugReport.ir ##########################
#
# AmnPardaz Security Research Team
#
# Title: OneCMS Vulnerabilities
# Vendor: http://www.insanevisions.com
# Bugs: SQL Injection (Authentication bypass), Arbitrary file upload!
# Vulnerable Version: 2.4 (prior versions also may be affected)
# Exploitation: Remote with browser
########################## WwW.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: MODx CMS Vulnerabilities
# Vendor: http://modxcms.com
# Bugs: Source code disclosure, local file inclusion
# Vulnerable Version: 0.9.6.1 (prior versions also may be affected)
# Exploitation: Remote with browser
########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: Xigla Multiple Products - Multiple Vulnerabilities
# Vendor: http://www.xigla.com/
# Exploit: N/A
# Impact: Medium
# Fix: N/A
# Original Advisory: http://bugreport.ir/index.php?/41
########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: Academic Web Tools CMS Multiple Vulnerabilities
# Vendor: www.yektaweb.com
# Vulnerable Version: 1.4.2.8 and prior versions
# Exploit: Available
# Impact: Medium
# Fix: N/A
########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: MyBlog <=0.9.8 Multiple Vulnerabilities
# Vendor: http://crewdesign.co.uk & http://sourceforge.net/projects/myblog
# Exploit: Available
# Vulnerable Version: 0.9.8
# Impact: High
1. Local File Include vulnerabilities were found in the script data/inc/themes/predefined_variables.php.
The vulnerable GET parameters are "blogpost", "cat" and "file".
First discovered by AmnPardaz Security Research Team [http://www.bugreport.ir/index_48.htm].
The vendor fixed the vulnerability in version 4.5.2 by blocking direct access to this file [http://www.pluck-cms.org/releasenotes.php#4.5.2].
However, an attacker can still exploit this vulnerability through the index.php file.
Code [line 15-46]
-----------------
########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: IGES CMS <=2.0 Multiple Vulnerabilities
# Vendor: www.iges.nl
# Exploit: Available
# Vulnerable Version: 2.0
# Impact: High
########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: ParsaWeb CMS SQL Injection
# Vendor: http://www.parsagostar.com
# Demo: http://cms.parsagostar.com/
# Exploit: Available
# Impact: High
########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: TransLucid 1.75 (fckeditor) Remote Arbitrary File Upload
# Vendor: www.translucidonline.com
# Vulnerable Version: 1.75 (prior versions also may be affected)
# Exploitation: Remote with browser
# Exploit: Available
########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: Ferdows CMS Pro <=1.1.0 and Ferdows CMS <=9.0.5 Multiple Vulnerabilities
# Vendor: www.fcms.ir
# Exploit: Available
# Vulnerable Version: 1.1.0 (Pro) & 9.0.5 (CMS)
##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: ACollab Multiple Vulnerabilities
# Vendor: http://www.atutor.ca/acollab
# Vulnerable Version: 1.2 (Latest version till now)
# Exploitation: Remote with browser
# Fix: N/A
###################################################################################
##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: Adobe LiveCycle ES DLL Hijacking Exploit (.dll)
# Vendor: http://www.adobe.com/products/livecycle/
# Vulnerable Version: 8.2.1.3144.1.471865
# Exploitation: Remote Code Execution
###################################################################################
##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: chillyCMS Multiple Vulnerabilities
# Vendor: http://frozenpepper.de/
# Vulnerable Version: 1.1.3 (Latest version till now)
# Exploitation: Remote with browser
# Fix: N/A
###################################################################################
########################## www.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: chicomas <=2.0.4 Multiple Vulnerabilities
# Vendor: http://www.chicomas.com/
# Demo: http://demo.opensourcecms.com/chicomas
# Bug: Database Information Disclosure, Authorization Weakness, XSS
# Vulnerable Version: 2.0.4
# Exploitation: Remote with browser
####################
- Credit :
####################
AmnPardaz Security Research Team - www.Bugreport.ir
Contact: admin[4t}bugreport{d0t]ir
##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: AneCMS Multiple Vulnerabilities
# Vendor: http://anecms.com/
# Vulnerable Version: 1.0 (Latest version till now)
# Exploitation: Remote with a RAW HTTP packet sender
# Fix: N/A
###################################################################################
########################## www.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: CFAGCMS Remote File Inclusion
# Vendor: http://sourceforge.net/projects/cfagcms/
# Bug: Remote File Inclusion
# Vulnerable Version: 1
# Exploitation: Remote with browser
# Fix: N/A
########################## www.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: NewsCMSlite
# Vendor: http://www.katywhitton.com
# Bug: Insecure Cookie Handling
# Exploitation: Remote with browser
# Fix: N/A
# Original Advisory: http://www.bugreport.ir/index_62.htm
##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: PHPRunner SQL Injection
# Vendor: http://www.xlinesoft.com
# Vulnerable Version: 4.2 (prior versions also may be affected)
# Exploitation: Remote with browser
# Original Advisory: http://www.bugreport.ir/index_63.htm
# Fix: N/A
##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: SASPCMS Multiple Vulnerabilities
# Vendor: http://www.lgasoft.com
# Vulnerable Version: 0.9 (prior versions also may be affected)
# Exploitation: Remote with browser
# Fix: N/A
###################################################################################
########################## WwW.BugReport.ir ###########################################
#
# AmnPardaz Security Research Team
#
# Title: Web Wiz NewsPad(TM)
# Vendor: http://www.webwizguide.com/
# Bug: Directory traversal
# Vulnerable Version: 1.02
# Exploit: Available
########################## WwW.BugReport.ir ###########################################
#
# AmnPardaz Security Research Team
#
# Title: Web Wiz Rich Text Editor(TM)
# Vendor: http://www.webwizguide.com/
# Bug: Directory traversal + HTM/HTML file creation on the server
# Vulnerable Version: 4.0
# Exploit: Available
##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: Ananta Gazelle SQL Injection Vulnerability
# Vendor: http://www.anantasoft.com/
# Vulnerable Version: 1.0 (Latest version till now)
# Exploitation: Remote with browser
# Fix: N/A
###################################################################################