|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3223 CVE : CVE-2007-5441 CVE : CVE-2007-5442 CVE : CVE-2007-5443 CVE : CVE-2007-5444 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : No Credit : Omid (omid hackers ir) Published : 14.10.2007
Advisory Text : Hi, There are several security bugs in CMS Made Simple 1.1.3.1 : (I am not going to release dangerous and exploitable info here) 1) There is a highly dangerous PHP code execution bug in the script . 2) A registered user can access unauthorized pages . For example he can upload files to the server, or can make users by posting data to /admin/adduser.php directly ; Also he can access to admin logs page (/admin/adminlog.php?page=1) . 3) There are 2 XSS bugs in the script . 4) There are 13 full path disclosure bugs . Direct access to several files can expose full installation path . The new version (1.1.4.1) has been released : http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141 / - Omid  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |