Cross-site scripting
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter...
CVE-2013-3262
The CVE-2013-3262 entry concerns an XSS vulnerability in the WordPress Download Monitor plugin for admin/admin.php, exploitable via the p parameter. Affected version: Download Monitor before 3.3.6.2. Root cause: improper handling/sanitization of user-supplied input in the p parameter allows remot...
WordPress Download Monitor Plugin <= 3.3.6.1 - XSS #1
Because of this vulnerability in admin/admin.php, attackers can inject arbitrary web script or HTML via the "sort" parameter. Solution: Update the plugin...
XOOPS 2.5.6 CSRF Vulnerability
Exploit for php platform in category web applications...
CVE-2013-3254
The CVE-2013-3254 entry describes a Cross-site Scripting (XSS) vulnerability in the WP Photo Album Plus WordPress plugin's admin interface. Specifically, wp-admin/admin.php is vulnerable in versions before 5.0.3 via the commentid parameter used in the wppa_manage_comments edit action, allowing re...
CVE-2013-3254
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action...
WordPress GRAND FlAGallery Plugin <= 2.71 - XSS
Because of this vulnerability in wp-admin/admin.php, attackers can inject arbitrary web script or HTML via the "s" parameter in a flag-manage-gallery action. Solution: Update the plugin...
WordPress Download Monitor Plugin <= 3.3.6.1 - XSS #2
Because of this vulnerability in admin/admin.php, attackers can inject arbitrary web script or HTML via the "p" parameter. Solution: Update the plugin...
Crafty Syntax Live Help RFI / Path Disclosure
Exploit Title : Crafty Syntax Live Help = 2.. & 3.. RFI + Path Disclosure Date : 4/19/2013 Author : ITTIHACK Home : http://ittihack.com Vendor : http://www.craftysyntax.com Download : http://www.craftysyntax.com/craftysyntax3.4.1.zip Version : 2. and 3. , All versions Category : webapps Google do...
FreeBSD : piwigo -- CSRF/Path Traversal (edd201a5-8fc3-11e2-b131-000c299b62e1)
High-Tech Bridge Security Research Lab reports: The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in '/admin.php' script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote...
SQL injection
Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameters in a login action...
CVE-2012-6507
CVE-2012-6507 affects ChurchCMS 0.0.1: SQL injection vulnerabilities in admin.php allowing remote attackers to execute arbitrary SQL via the login parameters (uname or pass). The root cause is improper input handling in the login action, leading to data exposure/integrity risks. Affected componen...
CVE-2012-6312
Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php...
PHP-Nuke 8.2.4 - Cross-Site Request Forgery
Exploit Title: CSRF vulnerability Author: sajith version: PHP Nuke 8.2.4 vulnerable app link: http://phpnuke.org/modules.php?name=Release CSRF add group CSRF POC PHP nuke 8.2.4 document.getElementById('formid').submit();...
CVE-2010-5285
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action...
CVE-2010-5285
CVE-2010-5285 describes a Cross‑Site Request Forgery (CSRF) in Collabtive 0.6.5, affecting admin.php via the edituser action. The vulnerability allows a remote attacker to hijack administrators’ authentication and perform actions that add new administrative users. This is tied to the specific ver...
Multi-Page Comment System CSRF/XSS Vulnerability
Exploit for php platform in category web applications...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcmsodevelopername parameter in a save action to...
SQL injection
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) deleteusrgrp parameter in a deleteusergroups action, (2) usergroup paramete...