
1599 matches found

0day.today
added 2012/11/06 12:0 a.m. | 37 views

Multi-Page Comment System CSRF/XSS Vulnerability

Exploit for php platform in category web applications...

7.1 AI score
Exploits: 0
Prion
added 2012/10/24 5:55 p.m. | 17 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcmsodevelopername parameter in a save action to...

6.8 CVSS | 6.6 AI score | 0.02993 EPSS
Exploits: 6 | References: 6 | Affected Software: 1
Prion
added 2012/10/08 8:55 p.m. | 14 views

Sql injection

Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to...

6.5 CVSS | 8.8 AI score | 0.01512 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2012/10/08 8:55 p.m. | 13 views

Sql injection

Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) deleteusrgrp parameter in a deleteusergroups action, (2) usergroup paramete...

6.5 CVSS | 8.8 AI score | 0.01731 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2012/10/08 10:47 a.m. | 12 views

CVE-2010-5064

Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report fie...

4.3 CVSS | 5.6 AI score | 0.00984 EPSS
Exploits: 1 | References: 2
Prion
added 2012/10/08 10:47 a.m. | 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report fie...

4.3 CVSS | 5.9 AI score | 0.00984 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2012/10/08 10:0 a.m. | 20 views

CVE-2010-5064

Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report fie...

5.6 AI score | 0.00984 EPSS
Exploits: 1 | References: 2
Prion
added 2012/09/19 7:55 p.m. | 11 views

Sql injection

SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third party information...

6.5 CVSS | 8.5 AI score | 0.01041 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2012/09/19 7:0 p.m. | 48 views

CVE-2012-4994

The CVE-2012-4994 entry concerns a SQL injection in LimeSurvey’s admin/admin.php. Affected software is LimeSurvey prior to 1.91+ Build 120224, where remote authenticated users can inject SQL commands via the id parameter in a browse action. The vulnerability arises from improper sanitization of u...

6.5 CVSS | 8.2 AI score | 0.01041 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2012/08/27 11:55 p.m. | 27 views

CVE-2012-4036

Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged b...

6.8 CVSS | 7.3 AI score | 0.02573 EPSS
Exploits: 5 | References: 7
NVD
added 2012/08/14 10:55 p.m. | 14 views

CVE-2012-2209

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languagesnew module, or (3) theme parameter in the theme modu...

4.3 CVSS | 5.7 AI score | 0.04257 EPSS
Exploits: 6 | References: 9
Prion
added 2012/08/14 10:55 p.m. | 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languagesnew module, or (3) theme parameter in the theme modu...

4.3 CVSS | 6 AI score | 0.04257 EPSS
Exploits: 6 | References: 9 | Affected Software: 1
CVE
added 2012/08/14 10:0 p.m. | 49 views

CVE-2012-2209

CVE-2012-2209 affects Piwigo prior to 2.3.4, exposing multiple XSS vulnerabilities in admin.php via the section, installstatus, and theme parameters. The issue enables remote attackers to inject arbitrary HTML/script in an administrator session. Vendor patch: upgrade to Piwigo 2.3.4 (remediation)...

4.3 CVSS | 5.6 AI score | 0.04257 EPSS
Exploits: 6 | References: 9 | Affected Software: 1
Packet Storm
added 2012/07/05 12:0 a.m. | 21 views

Classifieds Ads Script PHP 1.1 SQL Injection

Title: Classified Ads Script PHP v1.1 - SQL Injection Vulnerabilities
Date: 2012-06-13
References: http://www.vulnerability-lab.com/getcontent.php?id=605
VL-ID: 605
Common Vulnerability Scoring System: 5.5
Introduction:...

1.1 AI score
Exploits: 0
Vulnerability Lab
added 2012/06/18 12:0 a.m. | 13 views

Event Calendar PHP 1.2 - Multiple Web Vulnerabilities

Document Title: Event Calendar PHP 1.2 - Multiple Web Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=607
Release Date: 2012-06-18
Vulnerability Laboratory ID (VL-ID): 607...

0.4 AI score
Exploits: 0
exploitpack
added 2012/06/03 12:0 a.m. | 14 views

AdaptCMS 2.0.2 TinyURL Plugin - admin.php Multiple SQL Injections

Source: https://www.securityfocus.com/bid/53764/info

AdaptCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues...

0.4 AI score
Exploits: 0
0day.today
added 2012/05/29 12:0 a.m. | 86 views

PBBoard v2.1.4 (CSRF) Arbitrary File Upload and Command Execution (MSF

Exploit for php platform in category web applications...

7.1 AI score | 0.0064 EPSS
Exploits: 5
Prion
added 2012/05/21 6:55 p.m. | 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php...

4.3 CVSS | 6.2 AI score | 0.03748 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2012/05/21 6:0 p.m. | 39 views

CVE-2012-2912

CVE-2012-2912 concerns the WordPress plugin LeagueManager (v3.7). The issue is an XSS vulnerability exploitable through parameters in the admin flow: the show-league page’s group parameter and the team page’s season parameter passed to wp-admin/admin.php. Exploitation could allow remote attackers...

4.3 CVSS | 6 AI score | 0.02023 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
exploitpack
added 2012/05/15 12:0 a.m. | 19 views

WordPress Plugin CataBlog 1.6 - admin.php Cross-Site Scripting

Source: https://www.securityfocus.com/bid/53520/info

CataBlog plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...

0.1 AI score
Exploits: 0