Hospital Management System 4.0 - SQL Injection

Hospital Management System 4.0 contains multiple SQL injection vulnerabilities because multiple pages and parameters do not validate user input. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of...

PHPGurukul Hospital Management System - Cross-Site Scripting

PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2020-5191 info: name: PHPGurukul Hospital Management System -...

Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion

In avataruploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files. id: CVE-2018-9205 info: name: Drupal avataruploader v7.x-1.0-beta8 - Local File Inclusion author: daffainfo severity: high description: In avataruploader...

SonicWall SonicOS 7.0 - Open Redirect

SonicWall SonicOS 7.0 contains an open redirect vulnerability. The values of the Host headers are implicitly set as trusted. An attacker can spoof a particular host header, allowing the attacker to render arbitrary links, obtain sensitive information, modify data, execute unauthorized operations...

DomainMOD <=4.13.0 - Cross-Site Scripting

DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters. id: CVE-2019-15811 info: name: DomainMOD =4.13.1 to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/47325 -...

Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection

SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. id: CVE-2018-6605 info: name: Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection author: DhiyaneshDk severity...

Joomla! Component LoginBox - Local File Inclusion

A directory traversal vulnerability in the LoginBox Pro comloginbox component for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the view parameter to index.php. id: CVE-2010-1353 info: name: Joomla! Component LoginBox - Local File Inclusion author: daffainfo severity...

Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion

A directory traversal vulnerability in the JE Quotation Form comjequoteform component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the view parameter to index.php. id: CVE-2010-2128 info: name: Joomla! Component ...

Joomla! Component JRadio - Local File Inclusion

A directory traversal vulnerability in JRadio comjradio component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. id: CVE-2010-4719 info: name: Joomla! Component JRadio - Local File Inclusion...

Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal

A directory traversal vulnerability in the Percha Gallery comperchagallery component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2035 info: name: Joomla!...

Joomla! Component Horoscope 1.5.0 - Local File Inclusion

A directory traversal vulnerability in the Daily Horoscope comhoroscope component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1472 info: name: Joomla! Component Horoscope 1.5.0 - Local File Inclusion...

OEcms 3.1 - Cross-Site Scripting

OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of info.php. id: CVE-2018-12095 info: name: OEcms 3.1 - Cross-Site Scripting author: LogicalHunter severity: medium description: OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of...

Monstra CMS <=3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

Joomla! Component PicSell 1.0 - Arbitrary File Retrieval

A directory traversal vulnerability in the PicSell compicsell component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the dflink parameter in a prevsell dwnfree action to index.php. id: CVE-2010-3203 info: name: Joomla! Component PicSell 1.0 - Arbitrary File...

MODx manager - Local File Inclusion

A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. dot dot in the classkey parameter when magicquotesgpc is disabled. id: CVE-2010-5278 info: name: MODx manag...

Joomla! Component Percha Image Attach 1.1 - Directory Traversal

A directory traversal vulnerability in the Percha Image Attach comperchaimageattach component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2034 info: name: Joomla...

Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion

A directory traversal vulnerability in the Seber Cart comsebercart component 1.0.0.12 and 1.0.0.13 for Joomla!, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the view parameter to index.php. id: CVE-2010-1313 info: name: Joomla! Component Sab...

Camtron CMNC-200 IP Camera - Directory Traversal

The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system. id: CVE-2010-4231 info: name: Camtron CMNC-200 IP Camera - Directory Traversal author: daffainfo severity: high description: The CMNC-200 IP...

Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion

A directory traversal vulnerability in the GCalendar comgcalendar component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-0972 info: name: Joomla! Component comgcalendar Suite 2.1.5 -...

Joomla! Component com_kp - 'Controller' Local File Inclusion

A directory traversal vulnerability in the obSuggest comobsuggest component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2011-4804 info: name: Joomla! Component comkp - 'Controller' Local File Inclusion...