66 matches found
WordPress Media File Manager Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The Media File Manager plugin is a media library folder/category management plugin used with it. A cross-site scripting...
CVE-2018-18248
Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string...
UBUNTU-CVE-2018-18248
Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string...
PT-2018-16308 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17 Description: A stack-based buffer overflow issue exists in the video-core HTTP server of the Samsung SmartThings Hub. This occurs due to a strcpy call that overflows a destination...
kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message
The xfrm_migrate function in the net/xfrm/xfrm_policy.c file in the Linux kernel built with CONFIG_XFRM_MIGRATE does not verify if the dir parameter is less than XFRM_POLICY_MAX. This allows a local attacker to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact by...
Cross site scripting
Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote user to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php...
CVE-2018-6013
Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote user to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php...
CVE-2018-6013
CVE-2018-6013 is an XSS vulnerability in BigTree CMS 4.2.19. The issue exists in core/admin/ajax/developer/extensions/file-browser.php, where the directory parameter can be used by remote attackers to inject arbitrary web script or HTML. The description across multiple sources confirms impact is ...
CVE-2018-6013
Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote user to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php...
BigTree cross-site scripting vulnerability (CNVD-2018-03229)
Fastspot BigTree is an open source content management system (CMS) based on PHP and MySQL, developed by the US company Fastspot. A cross-site scripting vulnerability exists in the core/admin/ajax/developer/extensions/file-browser.php file in version 4.2.19 of Fastspot BigTree. A remote attacker can explo...
Arbitrary file reading vulnerability in the dir[0] parameter of DuoDuoRebate.com system
The DuoDuo rebate system is an open source PHP rebate website system that provides solutions for e-commerce rebates and shopping guides. The official release of the DuoDuo rebate website system V8.3UTF8 (February 10, 2017) has an arbitrary file reading vulnerability. It allows attackers to exploit the vulnerability to read...
Nextcloud: Nextcloud server software: Content Spoofing
In Nextcloud the "dir" parameter is vulnerable to a content spoofing attack. If anyone puts a valid directory name in the dir parameter then it goes to that directory; otherwise it redirects to the home directory /. By putting ../../ in the dir parameter I was able to stop the redirect, then I had put some...
Remote Command Execution Vulnerability in the IG_dir Parameter in Kingsoft KingGate Firewall schedule.php Page
KingGate Firewall is a firewall product. A remote command execution vulnerability exists in the IG_dir parameter in the schedule.php page of Kingsoft KingGate Firewall. It allows an attacker to execute system commands by submitting a POST request as: IGoperation=IGdelete&IGcheckbox=1...
CVE-2010-5040
PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information...
CVE-2011-2661
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter...
ESCMS vulnerability website system 0day-vulnerability warning-the black bar safety net
Version: ESCMS V1.0 SP1 Build 1125. Background login authentication is implemented through admin/check.asp; look at the code: <% if Request.cookies(CookiesKey)("ESadmin")="" then 'Note that here it validates by COOKIE whether ESadmin is empty; we can forge a value so that it is not empty 'CookiesKey i...
CVE-2008-6807
PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xmldir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the libdir...
CVE-2008-3592
Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing t...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.net cfnetgs 0.24 allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-1479
Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.net cfnetgs 0.24 allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...