Search Results | AttackerKB

Show filters

Topics 9 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

9 Total Results

Displaying 1-9 of 9

Attacker Value

Unknown

CVE-2010-1426

Disclosure Date: April 15, 2010 (last updated October 04, 2023)

SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin.

0

Attacker Value

Unknown

CVE-2008-5942

Disclosure Date: January 22, 2009 (last updated October 04, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939.

0

Attacker Value

Unknown

CVE-2008-5939

Disclosure Date: January 22, 2009 (last updated October 04, 2023)

Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure.

0

Attacker Value

Unknown

CVE-2008-5941

Disclosure Date: January 22, 2009 (last updated October 04, 2023)

Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.

0

Attacker Value

Unknown

CVE-2008-5940

Disclosure Date: January 22, 2009 (last updated October 04, 2023)

SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter. NOTE: some of these details are obtained from third party information.

0

Attacker Value

Unknown

CVE-2008-5938

Disclosure Date: January 22, 2009 (last updated October 04, 2023)

PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter.

0

Attacker Value

Unknown

CVE-2006-5730

Disclosure Date: November 06, 2006 (last updated October 04, 2023)

PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor.

0

Attacker Value

Unknown

CVE-2006-1821

Disclosure Date: April 18, 2006 (last updated October 04, 2023)

Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter.

0

Attacker Value

Unknown

CVE-2006-1820

Disclosure Date: April 18, 2006 (last updated October 04, 2023)

Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability.

0