376 matches found
DEBIAN-CVE-2010-1645
Cacti before 0.8.7f, as used in Red Hat High Performance Computing HPC Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in 1 the FQDN field of a Device or 2 the Vertical Label field of a Graph Template...
CVE-2010-1984
Cross-site scripting XSS vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display...
CVE-2010-1976
Cross-site scripting XSS vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display...
CVE-2008-6956
CVE-2008-6956 affects mxCamArchive 2.2 in the admin/admin.php component. It is a static code injection vulnerability that allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, with execution triggered by index.php. The C...
CVE-2008-6542
Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files...
CVE-2009-0672
The CVE shows a SQL injection in the RavenNuke 2.30 Resend_Email module, exploitable via the user_prefix parameter to modules.php. Affected component: Raven Web Services (Resend_Email). Root cause: improper handling of user_prefix leads to arbitrary SQL commands when accessed by remote authentica...
CVE-2008-4305
Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI...
CVE-2008-5434
CVE-2008-5434 affects PunBB 1.3 and 1.3.1, with multiple SQL injection vulnerabilities exploitable by remote authenticated administrators via (1) order_by or (2) direction in admin/users.php, and (3) configuration options in admin/settings.php. The underlying issue enables arbitrary SQL command e...
Unrestricted file upload
Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file...
CVE-2008-2761
Multiple cross-site scripting XSS vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in 1 searchbanners.asp and 2 listadvertisers.asp, and other unspecified fields. NOTE: some of these...
DEBIAN-CVE-2008-2392
Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard...
DEBIAN-CVE-2007-3238
Cross-site scripting XSS vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATHINFO REQUESTURI to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not...
CVE-2007-2630
Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All aka 12All 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and...
WordPress <= 2.1.2 - Cross Site Scripting
Because of this vulnerability in an mt import in wp-admin/admin.php, the authenticated administrators can inject arbitrary web script or HTML via the "demo" parameter Solution Update the WordPress to the latest available version at least 2.1.3...
CVE-2006-3830
The Languages selection in the admin interface in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this...
Code injection
Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...