
Content Management System

DIY CMS v1.0 Poll - Multiple Web Vulnerabilities



Introduction:
=============
Do It Yourself Content Management System is a feature-rich, PHP-built, MySQL-based, open-source and free CMS.
It is suitable for managing any kind of content. It is modular, extensible and easily skinnable. Build your own modules for specific
purposes, add certain functionalities to suit your needs and design a theme that represents the content of your website.

(Copy of the Vendor Homepage: http://diy-cms.com)


Opial CMS v2.0 - Multiple Web Vulnerabilities

(Copy of the Vendor Homepage: http://www.opial.com )


Abstract:
=========
A Vulnerability Laboratory Researcher Team discovered multiple Web Vulnerabilities in Opial v2 Content Management System.



Report-Timeline:
================

Content Papst CMS v2011.2 - Multiple Web Vulnerabilities



Introduction:
=============
Contentpapst is a powerful and very flexible content management system (CMS) designed specifically for small and
medium-sized businesses, public authorities and organisations. With the Contentpapst CMS you manage your company homepage,
your club website etc. entirely from the browser, with no additional software!

(Copy of the Vendor Homepage: http://www.sandoba.de/produkte/cms-contentpapst/)


OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities

Flexible routing system which allows each component to be called on its own (useful for AJAX).
The option to rewrite each template, model or controller specifically for a project, so developers can add their own
stamp to the system. Common components that are all built directly by our core team, which means that 99% of projects
don't need to install external components. This eliminates problems with incompatible components (extensions/modules/plugins)
which affect some CMS software. Behavioural targeting support in the core system and many other components. An all-in-one system:
content management system, blog, product catalogue and checkout process all rolled into one. This allows users to share the same
category system and media library across their product catalogue and blog articles, or include an “add to basket” button in
blog posts about a product. There isn't any other web system in the universe which can do this with such ease.
One fulltext search for the CMS, eCommerce and blog.

Onxshop is a new kind of Content Management System (Shop|eCommerce). Onxshop is currently used by more than 50 

'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332)

Mark Stanislav - mark.stanislav@gmail.com


I. DESCRIPTION
---------------------------------------
A vulnerability exists in the 'Pointter PHP Content Management System' authentication system which allows for administrative privileges by crafting two specific cookies with arbitrary values.

II. TESTED VERSION

Vulnerabilities digest

Additional information (in Ukrainian): http://websecurity.com.ua/1347/
Original message (in Russian): http://securityvulns.ru/Sdocument3.html

8. durito [NGH Group] reports

   8.1 multiple SQL injections in Stride v1.0 Content Management System,
   Merchant, Courses. Examples:

 Content Management System

  http://www.example.com/main.php?p=[SQL]

Wolf CMS v0.7.5 - Multiple Web Vulnerabilities



Introduction:
=============
Wolf CMS is a content management system and is Free Software published under the GNU General
Public License v3. Wolf CMS is written in the PHP programming language. Wolf CMS is a fork of Frog CMS.
The project was a finalist in the 2010 Packt Publishing's Open Source Awards for the "Most Promising
Open Source Project" category. As of the 28th of December 2010, the Wolf CMS code repository was moved
from Google Code to GitHub.


Matterdaddy Market v1.1 - SQL Injection Vulnerabilities

Abstract:
=========
The Vulnerability Laboratory Team discovered multiple SQL Injection Vulnerabilities in Matterdaddy's
Market eCommerce Content Management System v1.1.


Report-Timeline:
================
2012-04-09:     Public or Non-Public Disclosure

Havalite CMS v1.0.4 - Multiple Web Vulnerabilities

Details:
========
1.1
Multiple persistent input validation vulnerabilities are detected in Havalite v1.0.4 Content Management System.
The bugs allow remote attackers to inject malicious script code on the application side (persistent).
Successful exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent)
context manipulation. Exploitation requires low user interaction because the admin only needs to view the user list.
The user includes his script code as profile name and the code is executed persistently in the administrator section.

Pritlog v0.821 CMS - Multiple Web Vulnerabilities

(Copy of the Vendor Homepage: http://pritlog.com/fossil.cgi/taglist )


Abstract:
=========
The Vulnerability Laboratory Research Team discovered multiple Web Vulnerabilities in Pritlog v0.821 Content Management System.


Report-Timeline:
================
2012-04-29:     Public or Non-Public Disclosure

[ECHO_ADV_84$2007] ProfileCMS <= 1.0 Remote SQL Injection Vulnerability

Application   : ProfileCMS  
version       : <= 1.0
Vendor        : http://profilecms.com/
Description :

ProfileCMS is a powerful Content Management System for Social Networking profile codes and widgets. There are no other scripts that offer the freedom, features and practicality of ProfileCMS; we have constructed an easy to use, accessible platform for both webmasters and front end users. Based on the popular MSCMS system, which has been the Number 1 Myspace Content Management System for almost 1 year now, ProfileCMS allows webmasters to take advantage of the ever growing popularity of social networking sites and offer users codes and widgets from ANY social network.

---------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~

XSRF (CSRF) in CMSimple

<input type="hidden" name="security_password" value="newpassword" />
<input type="hidden" name="security_type" value="page" />
<input type="hidden" name="site_title" value='CMSimple site' />
<input type="hidden" name="site_template" value="default" />
<input type="hidden" name="language_default" value="ru" />
<input type="hidden" name="meta_keywords" value="CMSimple, Content Management System, php" />
<input type="hidden" name="meta_description" value="CMSimple is a content management system" />
<input type="hidden" name="backup_numberoffiles" value="5" />
<input type="hidden" name="images_maxsize" value="150000" />
<input type="hidden" name="downloads_maxsize" value="1000000" />
<input type="hidden" name="mailform_email=" value="" />

11in1 CMS v1.2.1 - SQL Injection Vulnerabilities



Introduction:
=============
11in1 is an open-source content management system (CMS) that is powered by PHP and MySQL. It does not only
help you manage your personal blog but also maintain your postings at social networks. By establishing
consistency among the data transmitted from and to the blog, this CMS sustains continuous harmonization of your data over time.



XSS vulnerability in CMSimple

<input type="hidden" name="security_password" value="test" />
<input type="hidden" name="security_type" value="page" />
<input type="hidden" name="site_title" value='CMSimple site"><script>alert(document.cookie)</script>' />
<input type="hidden" name="site_template" value="default" />
<input type="hidden" name="language_default" value="ru" />
<input type="hidden" name="meta_keywords" value="CMSimple, Content Management System, php" />
<input type="hidden" name="meta_description" value="CMSimple is a content management system" />
<input type="hidden" name="backup_numberoffiles" value="5" />
<input type="hidden" name="images_maxsize" value="150000" />
<input type="hidden" name="downloads_maxsize" value="1000000" />
<input type="hidden" name="mailform_email=" value="" />

chillyCMS Multiple Vulnerabilities

####################
- Description:
####################

chillyCMS is a Content Management System. Its main features are:
easily edit your content in a WYSIWYG editor,
manage your users in different groups with different rights,
upload single files or whole zip archives,
insert your pictures into the content by drag and drop,
one click backup with integrated installer,

Multiple vulnerabilities in Newscoop

-----------------------------------------------------------------------------------------------

References:

[1] High-Tech Bridge Advisory HTB23084 - https://www.htbridge.ch/advisory/HTB23084 - Multiple vulnerabilities in Newscoop.
[2] Newscoop - http://www.sourcefabric.org - is an open Content Management System for journalists & online newspapers.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.

-----------------------------------------------------------------------------------------------

Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.

Acidcat CMS Multiple Vulnerabilities

####################
1. Description:
####################
Acidcat CMS is a web site and simple Content Management System that can be administered via a web browser.

####################
2. Vulnerability:
####################
        2.1. There is a SQL Injection in "default.asp". By using it, an attacker can obtain usernames and encrypted passwords.

idev Game Site CMS v1.0 - Multiple Web Vulnerabilities

Abstract:
=========
A Vulnerability Laboratory Researcher discovered multiple Web Vulnerabilities in the idev GameSite v1.0 Content Management System.


Report-Timeline:
================
2012-04-08:     Public or Non-Public Disclosure

Writers Block SQL Injection Vulnerabilities

[x] Vendor Information

"If the written word is the wheel, then Writer’s Block is the sweet, sweet fossil fuel in the 
engine that keeps it spinning. A free, flexible, elegant Content Management System that helps 
you maintain any web site you want, at any size you want, with no hassle and no restrictions.
In fact, it’s running this entire site right now."

http://www.desiquintans.com


webSPELL 4.2.0c--XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY--

-->WEB: http://www.webspell.org/ (affected too)
-->DOWNLOAD: http://www.webspell.org/download.php?fileID=22
-->DEMO: http://www.webspell.org/index.php?site=demo
-->CATEGORY: CMS / Portals
-->DESCRIPTION: webSPELL is a free Content Management System (CMS) for clans and
   gaming communities, providing all needed features like forums, gallery, clanwar...

-------------------
CMS VULNERABILITY:
-------------------

Blaze Apps Multiple Vulnerabilities

####################
- Description:
####################

Blaze Apps is an ASP.NET 2 Content Management System. It uses VB and
C# as backend languages and uses Microsoft SQL Server as its DBMS.

####################
- Vulnerability:

eGov Content Manager Cross Site Scripting Vulnerability

Remote: YES
Local: N/A


Vendor: eGov Strategies LLC
Product: Content Management System

http://www.egovstrategies.com/




DotNetNuke Remote Code Execution vulnerability

Fix available: Yes
=======================================

PRODUCT
-------------
DotNetNuke is an open source Content Management System (CMS) based on Microsoft ASP.NET. DotNetNuke powers over 600,000 production web sites worldwide. More information can be found at:
http://www.dotnetnuke.com/Intro/AtAGlance/tabid/1579/Default.aspx

VULNERABILITY
-------------
An anonymous attacker can upload ASPX files, access these files and is then able to execute arbitrary commands on the web server. This leads to full compromise of the DotNetNuke environment and possibly compromise of other web applications and/or information on the web server.

Advisory SE-2007-01: TikiWiki Remote PHP Code Evaluation Vulnerability

Overview:

   Quote from http://www.tikiwiki.org
   "TikiWiki (Tiki) is your Groupware/CMS (Content Management System) 
    solution. Tiki has the features you need:   
    * Wikis (like Mediawiki)
    * Forums (like phpBB)
    * Blogs (like WordPress)
    * Articles (like Digg)

[ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack

-------------------------
Tikiwiki CMS is vulnerable to path traversal attack

II. BACKGROUND
-------------------------
Tikiwiki (Tiki) is a Free Software (LGPL) Content Management System
solution that unifies many features like wikis, forums, blogs,
articles, galleries, mapserver, link directory.

This software is massively used in the World Wide Web, and has been
audited by the security community for years.

chicomas <=2.0.4 Multiple Vulnerabilities

####################
- Description:
####################

   ChiCoMaS is a free web based Content Management System based on PHP &
MySQL with full featured WYSIWYG TinyMCE editor, file management with QuiXplorer,
user and group administration to manage access permissions, and Backup/Restore
with integrated MySqlBackupPro.


Publique! CMS SQL Injection Vulnerabilities

 * Impact: Successful exploitation of this vulnerability may lead to remote
           server compromise due the ability to recover administrative
           credentials of Publique! management interface.


 Publique! is a Content Management System (CMS) for Web applications by Fábrica
 Digital [1]. This framework claims to be designed for non-computer specialists,
 enabling them to update web site content directly from the internet.

 This product is largely used in Brazil by companies from various areas such as
 universities, government organizations, banks and independent product

XOOPS 2.5.0 <= Cross Site Scripting Vulnerability

2. BACKGROUND

XOOPS is an acronym of eXtensible Object Oriented Portal System. It's
the #1 Content Management System (CMS) project on www.sourceforge.net
and a recipient of several awards, and constantly places as finalist
in various CMS and Open Source competitions. It incorporates many
modules such as forums, photo galleries, calendars, article management
etc.


TikiWiki <= 1.9.8.1 Cross Site Scripting / Local File Inclusion

Application:     TikiWiki
Version:         <= 1.9.8.1
Vendor:          http://tikiwiki.org

Description:
TikiWiki (Tiki) is your Groupware/CMS (Content Management System) solution.


--------------
Vulnerability:
--------------

[waraxe-2007-SA#052] - dBlog CMS Open Source database retrieval

Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.dblog.it/sito/default.asp

DBlog CMS is an open source Content Management System for the IIS/ASP platform.
Some days ago dBlog 2.0 hit the goal of 110.000 platform downloads,
over 100.000 of them for the latest version.

GoogleDork: inurl:"articolo.asp" "powered by dblog"



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.