Vulnerabilities for 'Pixie'
2017-04-03
CVE-2017-7402
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.
2017-03-31
CVE-2017-7363
Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack.
CVE-2017-7362
Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack.
CVE-2017-7361
Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack.
CVE-2017-7360
Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack.
CVE-2017-7359
Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack.
2014-06-04
CVE-2014-3786
CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemail or (2) subject parameter in the Contact form to contact/.
2011-12-08
CVE-2011-4710
CWE-89
Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI.
2011-09-23
CVE-2011-3793
CWE-200
Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other files.
Vendor: Getpixie
2 Products: Pixie cms, Pixie
Copyright 2024, cxsecurity.com