AIOCP 1.3.x - 'cp_edit_user.php' SQL Injection

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

AIOCP 1.3.x - 'cp_users_online.php' SQL Injection

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

AIOCP 1.3.x - 'cp_news.php' SQL Injection

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

AIOCP 1.3.x - 'cp_show_ec_products.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

AIOCP 1.3.x - 'cp_dpage.php' SQL Injection

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

AIOCP 1.3.x - 'cp_codice_fiscale.php' SQL Injection

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

AIOCP 1.3.x - 'cp_show_ec_products.php' SQL Injection

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

AIOCP 1.3.x - 'cp_show_page_help.php' Full Path Disclosure

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

IF-CMS - index.php Cross-Site Scripting

IF-CMS - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20909/info IF-CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in...

ac4p Mobile - index.php Multiple Cross-Site Scripting Vulnerabilities

ac4p Mobile - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues...

Exhibit Engine 1.22 - fstyles.php?toroot Remote File Inclusion

Exhibit Engine 1.22 - fstyles.php?toroot Remote File Inclusion source: https://www.securityfocus.com/bid/20793/info Exhibit Engine Software is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allo...

ASPPlayGround.NET Forum 2.4.5 - Calendar.asp Cross-Site Scripting

ASPPlayGround.NET Forum 2.4.5 - Calendar.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/20335/info ASPPlayground.NET Forum Advanced Edition is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage...

Simpnews 2.x - 'pwlost.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20714/info SimpNews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting...

Webgenius Goop Gallery 2.0 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20554/info GOOP Gallery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting us...

osCommerce 2.2 - '/admin/reviews.php?page' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attack...

Photostore - details.php?gid Cross-Site Scripting

Photostore - details.php?gid Cross-Site Scripting source: https://www.securityfocus.com/bid/20172/info Photostore is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary...

BirdBlog 1.x - user.php?uid Cross-Site Scripting

BirdBlog 1.x - user.php?uid Cross-Site Scripting source: https://www.securityfocus.com/bid/20202/info BirdBlog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary scri...

Quickblogger 1.4 - Remote File Inclusion

source: https://www.securityfocus.com/bid/20210/info Quickblogger is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affected computer...

Red Mombin 0.7 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20243/info Red Mombin is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting us...

BandSite CMS 1.1 - mp3_content.php Cross-Site Scripting

BandSite CMS 1.1 - mp3content.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access...