management system
518
Introduction:
=============
Do It Yourself Content Management System is a feature-rich, php-built, mysql-based, open-source and free CMS.
It is suitable to manage any kind of contents. It is modular, extensible and easily skinnable. Build your own modules for specific
purposes, add certain functionalities to suit your needs and design a theme that represents the content of your website.
(Copy of the Vendor Homepage: http://diy-cms.com)
452
Introduction:
=============
Wolf CMS is a content management system and is Free Software published under the GNU General
Public License v3. Wolf CMS is written in the PHP programming language. Wolf CMS is a fork of Frog CMS.
The project was a finalist in the 2010 Packt Publishing's Open Source awards for the Most Promising
Open Source Project category. As of the 28th of December 2010, the Wolf CMS code repository was moved
from Google Code to Github.
Flexible routing system which allows each component to be called on its own (useful for AJAX)
The option to rewrite each template, model or controller specifically for a project, so developers can add their own
stamp to the system. Common components that are all built directly by our core team, which means that 99% of projects
don't need to install external components. This eliminates problems with incompatible components (extensions/modules/plugins)
which affect some CMS software. Behavioural targeting support in the core system and many other components. An all in one system -
content management system, blog, product catalogue and checkout process all rolled into one. This allows users to share the same
category system and media library across their product catalogue and blog articles, or include an “add to basket” button in
blog posts about a product. There isn't any other web system in the universe which can do this with such ease.
One fulltext search for the CMS, eCommerce and blog.
Onxshop is a new kind of Content Management System (Shop|eCommerce). Onxshop is currently used by more than 50
(Copy of the Vendor Homepage: http://www.opial.com )
Abstract:
=========
A Vulnerability Laboratory Researcher Team discovered multiple Web Vulnerabilities in Opial v2 Content Management System.
Report-Timeline:
================
Symantec Alert Management System HNDLRSVC Arbitrary Command Execution
TSL ID: FSC20100727-01
1. Affected Software
Symantec Antivirus Corporate Edition 10.1.8.8000 and possibly prior
Symantec System Center 10.1.8.8000 and possibly prior
Reference: http://www.symantec.com/business/antivirus-corporate-edition
363
Introduction:
=============
Contentpapst is a powerful and very flexible content management system (CMS) designed especially for small and
medium-sized businesses, public authorities and organizations. With the Contentpapst CMS you will in future manage your company homepage,
your club website etc. entirely via the browser, without additional software!
(Copy of the Vendor Homepage: http://www.sandoba.de/produkte/cms-contentpapst/)
PR10-17: Various XSS and information disclosure flaws within KeyFax
response management system
http://www.omfax.co.uk
Vulnerability found: 25th August 2010
Vendor informed:
Vulnerability fixed:
Application : ProfileCMS
version : <= 1.0
Vendor : http://profilecms.com/
Description :
ProfileCMS is a powerful Content Management System for Social Networking profile codes and widgets. There are no other scripts that offer the freedom, features and practicality of ProfileCMS, we have constructed an easy to use, accessible platform for both webmasters and front end users. Based on the popular MSCMS system which has been the Number 1 Myspace Content Management System for almost 1 year now, ProfileCMS allows webmasters to take advantage of the ever growing popularity of social networking sites and offer users codes and widgets from ANY social network.
---------------------------------------------------------------------------
Vulnerability:
~~~~~~~~~~~~~
<input type="hidden" name="security_password" value="newpassword" />
<input type="hidden" name="security_type" value="page" />
<input type="hidden" name="site_title" value='CMSimple site' />
<input type="hidden" name="site_template" value="default" />
<input type="hidden" name="language_default" value="ru" />
<input type="hidden" name="meta_keywords" value="CMSimple, Content Management System, php" />
<input type="hidden" name="meta_description" value="CMSimple is a content management system" />
<input type="hidden" name="backup_numberoffiles" value="5" />
<input type="hidden" name="images_maxsize" value="150000" />
<input type="hidden" name="downloads_maxsize" value="1000000" />
<input type="hidden" name="mailform_email=" value="" />
>> Program description (by the author website) <<
The Gemini Portal 4 is the most scalable, dynamic, and powerful content
management system there is. It is perfect for large business network services,
to the simple personal web site for use with PHP and MySQL. The Gemini
Portal is a dynamic content management system. It is ideal for any size
community, allowing users, moderators, limited admins, and global admins log
in. Many of the built in pages use the dynamic database file system (ArzFS)
to manipulate files and folders.
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MKPortal is a free Portal/Content Management System (CMS) which seamlessly
integrates with the most popular forum softwares. It uses the forum user
management system and other features and adds many powerful modules to create
and manage a light but powerful web site. MKPortal has an intuitive user
interface and is very simple to install and administer.
Trustwave's SpiderLabs Security Advisory TWSL2012-001:
Cross-Site Scripting Vulnerability in Textpattern Content Management System
Published: 1/03/12
Version: 1.0
Vendor: Textpattern (http://textpattern.com/)
Product: Textpattern
Version affected: 4.4.1 before change set 3612
Abstract:
=========
The Vulnerability Laboratory Team discovered multiple SQL Injection Vulnerabilities on Matterdaddys
Market eCommerce Content Management System v1.1.
Report-Timeline:
================
2012-04-09: Public or Non-Public Disclosure
building blocks - you can stack them - one on top of another - to create different shapes. The same
way with epesi framework and included modules you can create web application with different functionality:
CRM, SFA, ERP or SCM. In fact we created already:
- CRM package (included in the FREE version)
- Warehouse Management System
- Custom Sales and Commission Reporting tool
- Complete inventory management system integrated with e-commerce
- School Register with student and courses management
- and many more custom solutions
An attacker can use a browser to exploit this vulnerability. The following PoC is available:
<form action="http://host/settings/update_settings" method="post" name="main" >
<input type="hidden" name="setting[site_title]" value='BXR File Management System"><script>alert(document.cookie)</script>' />
<input type="hidden" name="setting[site_keywords]" value="BXR, Open Source File Management System" />
<input type="hidden" name="setting[site_description]" value="The Free, Open Source, Ruby on Rails File Management System." />
<input type="hidden" name="setting[let_users_change_default_folder]" value="0" />
<input type="hidden" name="setting[use_ferret]" value="0" />
<input type="hidden" name="setting[overwrite_existing_files]" value="0" />
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
########################################################################
##
#
# ID: COMPASS-2012-001
# Product: OpenKM Document Management System 5.1.7 [1]
# Vendor: OpenKM http://www.openkm.com/
# Subject: Privilege Escalation, Improper Access Control
# Risk: High
# Effect: Remotely exploitable
# Author: Cyrill Brunschwiler (cyrill.brunschwiler@csnc.ch)
'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332)
Mark Stanislav - mark.stanislav@gmail.com
I. DESCRIPTION
---------------------------------------
A vulnerability exists in the 'Pointter PHP Content Management System' authentication system which allows for administrative privileges by crafting two specific cookies with arbitrary values.
II. TESTED VERSION
Additional information (in Ukrainian): http://websecurity.com.ua/1347/
Original message (in Russian): http://securityvulns.ru/Sdocument3.html
8. durito [NGH Group] reports
8.1 multiple SQL injections in Stride v1.0 Content Management System,
Merchant, Courses. Examples:
Content Management System
http://www.example.com/main.php?p=[SQL]
465
Introduction:
=============
11in1 is an open-source content management system (CMS) that is powered by PHP and MySQL. It does not only
help you manage your personal blog but also maintain your postings at social networks. By establishing
consistency among the data transmitted from and to the blog, this CMS sustains continuous harmonization
of your data over time.
(Copy of the Vendor Homepage: http://pritlog.com/fossil.cgi/taglist )
Abstract:
=========
The Vulnerability Laboratory Research Team discovered multiple Web Vulnerabilities in Pritlog v0.821 Content Management System.
Report-Timeline:
================
2012-04-29: Public or Non-Public Disclosure
<input type="hidden" name="security_password" value="test" />
<input type="hidden" name="security_type" value="page" />
<input type="hidden" name="site_title" value='CMSimple site"><script>alert(document.cookie)</script>' />
<input type="hidden" name="site_template" value="default" />
<input type="hidden" name="language_default" value="ru" />
<input type="hidden" name="meta_keywords" value="CMSimple, Content Management System, php" />
<input type="hidden" name="meta_description" value="CMSimple is a content management system" />
<input type="hidden" name="backup_numberoffiles" value="5" />
<input type="hidden" name="images_maxsize" value="150000" />
<input type="hidden" name="downloads_maxsize" value="1000000" />
<input type="hidden" name="mailform_email=" value="" />
CVE Name: CVE-2009-2620
3. *Vulnerability Description*
Firebird SQL [1] is an open source relational database management system
offering many ANSI SQL standard features that runs on Linux, Windows,
and a variety of Unix platforms.
A remote denial of service vulnerability has been found in Firebird SQL,
which can be exploited by a remote attacker to force the server to close
####################
- Description:
####################
LokiCMS is a content management system that is designed to be simple and clear.
Most cms systems are way too complicated if you just want to make a small mostly static site,
LokiCMS allows you to make a simple site with a few clicks.
####################
Details:
========
1.1
Multiple persistent input validation vulnerabilities are detected in Havalite v1.0.4 Content Management System.
The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent).
Successful exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent)
context manipulation. Exploitation requires low user interaction because the admin needs to watch the user list.
The user includes his scriptcode as profile name and the code is getting executed on the administrator section
persistent.
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
########################################################################
##
#
# ID: COMPASS-2012-002
# Product: OpenKM Document Management System 5.1.7 [1]
# Vendor: OpenKM http://www.openkm.com/
# Subject: Cross-site Request Forgery based OS Command Execution
# Risk: High
# Effect: Remotely exploitable
# Author: Cyrill Brunschwiler (cyrill.brunschwiler@csnc.ch)
Symantec System Center is an MMC (Microsoft Management Console) snap-in
that allows an administrator to remotely manage Symantec products. The
Symantec System Center comes bundled with several Symantec products,
including Symantec Client Security and Symantec AntiVirus. It contains
an optional component called the Alert Management System Console. This
component starts a service (Intel File Transfer) that listens on TCP
port 12174.
II. DESCRIPTION
Name: phpWebSite
Version: 1.4.0
Release date: Dec 11, 2007
Developed by the Web Technology Group at Appalachian State University,
phpWebSite provides a complete web site content management system ( CMS ).
All client output is XHTML 1.0 and meets the
W3C's Web Accessibility Initiative requirements.
--DISCUSSION---------------------------------
Researcher : Mesut Timur <mesut [at] mavitunasecurity [dot] com>
Advisory Reference : NS-11-008
Description
------------------
Symphony is a web-based content management system (CMS) that enables
users to create and manage websites and web applications of all shapes
and sizes—from the simplest of blogs to bustling news sites and
feature-packed social networks.
Details
########################################################
-=[Description]=-
ar web content manager is a free web contents management system (cms) built with php, mysql, css, javascript, css to allow you to manage your website easily and fast.
it contains many main categories such as (videos, topics, sounds, photo gallery).
########################################################
-=[VUln Code]=-
###################################################################################
####################
1. Description:
####################
ACADEMIC WEB TOOLS (AWT) yektaweb is a Persian content management system (CMS) which can manage university conferences and journals too.
####################
2. Vulnerabilities:
####################
2.1. Directory Traversal in "/download.php" in "dfile" parameter.
2.1.1. Exploit: