what you don't know can hurt you

Register | Login

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 1 of 1

Files

TomatoCMS Script Insertion Vulnerabilities: Posted May 14, 2010; Site secunia.com; Secunia Research has discovered three vulnerabilities in TomatoCMS, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "title", "subTitle", and "author" parameters to index.php/admin/news/article/add is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "Add new article" permissions. Version 2.0.4 is affected.; tags | advisory, arbitrary, php, vulnerability; SHA-256 | 9ce14d8796ba7fa7a59adf022cd23b2d36528ffd9417f949d367e1d43786d144; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 184 files
Ubuntu 64 files
Debian 22 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Google Security Research 6 files
Apple 6 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

Recent News

Juniper Networks Publishes Dozens Of New Security Advisories: Posted Apr 15, 2024; tags | headline, flaw, juniper; Favorite | View

Ransomware Group Claims Theft Of Data From Chipmaker Nexperia: Posted Apr 15, 2024; tags | headline, hacker, malware, data loss, cryptography; Favorite | View

Palo Alto Networks Releases Fixes For Firewall Zero-Day As Attribution Attempts Emerge: Posted Apr 15, 2024; tags | headline, flaw, patch, zero day; Favorite | View

Roku Makes 2FA Mandatory For All After Nearly 600k Accounts Pwned: Posted Apr 15, 2024; tags | headline, hacker, data loss, flaw, password; Favorite | View

Delinea Secret Server Customers Should Apply Latest Patches: Posted Apr 15, 2024; tags | headline, flaw, patch; Favorite | View

LockBit Copycat DarkVault Spurs Rebranding Rumor: Posted Apr 12, 2024; tags | headline, hacker, malware, cybercrime, fraud, cryptography; Favorite | View

French Issue Alerte Rouge After Local Govs Knocked Offline By Cyberattack: Posted Apr 12, 2024; tags | headline, government, denial of service, france; Favorite | View

More Legal Acrimony For Truth Social, As Executive Says He Was Hacked: Posted Apr 12, 2024; tags | headline, hacker, password, social; Favorite | View

Palo Alto Networks Warns Of Exploited Firewall Vulnerability: Posted Apr 12, 2024; tags | headline, hacker, flaw; Favorite | View

Roku Says More Than 500,000 Accounts Impacted In Cyberattack: Posted Apr 12, 2024; tags | headline, hacker, privacy, data loss, flaw; Favorite | View

View More News →

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links: News by Month; News Tags; Files by Month; File Tags; File Directory

About Us: History & Purpose; Contact Information; Terms of Service; Privacy Statement; Copyright Information

Services: Security Services
Hosting By: Rokasec