Lucene search
K

39 matches found

Positive Technologies
Positive Technologies
added 2025/01/10 12:0 a.m.4 views

PT-2025-4587 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.8 Description: A Reflected Cross-Site Scripting XSS issue was identified in the "home.php" endpoint of the WeGIA application. This issue allows attackers to inject malicious scripts in the msg c parameter...

6.5CVSS6.2AI score0.00393EPSS
Exploits1References6
OSV
OSV
added 2025/01/08 6:26 p.m.14 views

CVE-2025-22139 WeGIA Cross-Site Scripting (XSS) Reflected endpoint `configuracao_geral.php` parameter `msg`

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the configuracaogeral.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed ...

6.4CVSS5.7AI score0.00332EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/10/04 12:0 a.m.8 views

PT-2023-32075 · Unknown · Sourcecodester Online Computer/Laptop Store

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical vulnerability was found in the SourceCodester Online Computer and Laptop Store. The issue affects an unknown functionality of the file products.php. The...

9.8CVSS8.5AI score0.00722EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.4 views

PT-2023-7918 · L Soft · Listserv 17

Name of the Vulnerable Software and Affected Versions: LISTSERV 17 web interface Description: A cross-site scripting XSS issue in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter. This can be exploited by a remote attacker to conduct...

6.4CVSS6AI score0.06314EPSS
Exploits4References8
OSV
OSV
added 2021/08/23 11:15 p.m.4 views

CVE-2021-39599

Multiple Cross Site Scripting XSS vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in 1 public/search.php and in the 2 c parameter in admin.php...

6.1CVSS5.8AI score0.00641EPSS
Exploits1References1
Prion
Prion
added 2021/07/30 2:15 p.m.12 views

Sql injection

Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php aka p=products via the c or s parameter...

7.5CVSS9.8AI score0.02447EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2020/11/24 12:0 a.m.4 views

PT-2023-11537 · Mpv +1 · Mpv +1

Name of the Vulnerable Software and Affected Versions: MPV version 0.29.1 Description: The issue allows attackers to execute arbitrary code and crash the program via the ao c parameter. Recommendations: For MPV version 0.29.1, update to version 0.30 to resolve the issue. As a temporary workaround...

7CVSS7.1AI score0.00242EPSS
Exploits1References17
OSV
OSV
added 2019/07/09 10:15 p.m.4 views

CVE-2019-13472

PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file...

6.1CVSS6.3AI score0.00848EPSS
Exploits3References1
NVD
NVD
added 2019/07/09 10:15 p.m.11 views

CVE-2019-13472

PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file...

6.1CVSS6.2AI score0.00848EPSS
Exploits3References1
CNVD
CNVD
added 2019/01/30 12:0 a.m.1 views

FreshRSS Cross-Site Scripting Vulnerability

FreshRSS is an open source, self-hosted RSS aggregator with support. A cross-site scripting vulnerability exists in FreshRSS version 1.11.1. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML with the help of 'c' or 'a' parameter...

6.1CVSS6AI score0.04432EPSS
Exploits5References1
CNVD
CNVD
added 2018/03/06 12:0 a.m.4 views

YzmCMS Cross-Site Scripting Vulnerability

YzmCMS is an open source CMS Content Management System developed by Chinese programmer Yuan Zhimeng. A cross-site scripting vulnerability exists in YzmCMS. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML with the help of 'a', 'c' or 'm' parameters...

6.1CVSS6.2AI score0.08686EPSS
Exploits5References1
CNVD
CNVD
added 2017/06/01 12:0 a.m.3 views

phpBB Minerva Mod SQL Injection Vulnerability

phpBB is a popular forum program. A SQL injection vulnerability exists in phpBB Minerva Mod, which allows remote attackers to inject malicious sql commands via the vulnerable 'c' parameter to corrupt web applications or dbms...

8.4AI score
Exploits0References1
CNVD
CNVD
added 2016/09/19 12:0 a.m.5 views

Dropbear SSH Arbitrary Code Execution Vulnerability

Dropbear is a relatively small SSH server and client. An arbitrary code execution vulnerability exists in Dropbear dbclient, which can be exploited by a remote attacker to execute arbitrary code when a local dbclient user enters a specific -m or -c parameter...

8.8CVSS8AI score0.03967EPSS
Exploits0References1
NVD
NVD
added 2015/03/04 8:59 p.m.14 views

CVE-2015-2209

DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php...

5CVSS6.6AI score0.01363EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2015/02/18 12:0 a.m.27 views

DLGuard 4.5 Path Disclosure

DLGuard Full Path Disclosure Information Leakage Security Vulnerabilities Exploit Title: DLGuard /index.php c parameter Full Path Disclosure Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: Feb 18, 2015 Latest Update: F...

7.4AI score
Exploits0
Prion
Prion
added 2015/02/11 7:59 p.m.12 views

Sql injection

Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to 1 copy2.php, 2 localize.php, 3 metai.php, 4 nc.php, 5 new2.php, or 6 rename2.php in u5admin/; 7 c parameter to u5admin/editor.php; 8 typ parameter to...

7.5CVSS9.2AI score0.02125EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2010/01/06 12:0 a.m.5 views

PT-2010-1396 · Maxdev · Mforum

Name of the Vulnerable Software and Affected Versions: MDForum module versions 2.x through 2.07 for MAXdev MDPro Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the c parameter in the "index.php" endpoint. Recommendations: For MDFor...

7.5CVSS7.9AI score0.01173EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2007/04/11 10:19 a.m.4 views

CVE-2007-1962

SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action...

7.5CVSS6.4AI score0.01043EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/04/06 10:0 a.m.22 views

CVE-2006-1638

Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 Username parameter to a accounts.php, b changep.php, c editac.php, d feedback.php, e fpass.php, f login.php, g post.php, h reply.php, or i replylog.php; 2 p parameter to j...

8.5AI score0.01812EPSS
Exploits0References19
Rows per page
Query Builder