Lucene search
K

154 matches found

OSV
OSV
added 2018/10/09 6:29 p.m.5 views

CVE-2018-18082

XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI...

6.1CVSS5.8AI score0.00675EPSS
Exploits1References1
OSV
OSV
added 2018/06/05 6:29 a.m.10 views

CVE-2018-11735

index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter...

6.1CVSS6.1AI score
Exploits0References1
Prion
Prion
added 2018/06/05 6:29 a.m.16 views

Cross site scripting

index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter...

4.3CVSS6AI score0.00822EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/05 6:0 a.m.19 views

CVE-2018-11735

index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter...

6AI score0.00822EPSS
Exploits0References1
OSV
OSV
added 2017/07/27 6:29 a.m.3 views

CVE-2017-11685

Multiple Reflective cross-site scripting XSS vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter...

6.1CVSS5.9AI score0.01265EPSS
Exploits1References1
NVD
NVD
added 2017/07/27 6:29 a.m.19 views

CVE-2017-11685

Multiple Reflective cross-site scripting XSS vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter...

6.1CVSS6.1AI score0.01265EPSS
Exploits1References1
OSV
OSV
added 2016/08/26 7:59 p.m.4 views

CVE-2016-5049

Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. dot dot in the SESID parameter in conjunction with a filename in the FNAME parameter...

7.5CVSS5.8AI score0.02375EPSS
Exploits0References2
Prion
Prion
added 2013/12/20 11:55 p.m.15 views

Directory traversal

Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the 1 tmpid parameter to websitebuilder/showtemplateimage.php, 2 fname parameter to admin/downloadfile.php, or 3 id parameter to support/admin/csvdownload.php; or ...

5CVSS7.7AI score0.03864EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2013/12/20 11:0 p.m.27 views

CVE-2013-7190

Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the 1 tmpid parameter to websitebuilder/showtemplateimage.php, 2 fname parameter to admin/downloadfile.php, or 3 id parameter to support/admin/csvdownload.php; or ...

7.1AI score0.03864EPSS
Exploits0References2
Prion
Prion
added 2008/06/19 8:41 p.m.12 views

Sql injection

SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action...

7.5CVSS9.1AI score0.00961EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2008/06/19 8:41 p.m.4 views

CVE-2008-2781

SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action...

7.5CVSS6.4AI score0.00961EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2006/08/16 12:0 a.m.5 views

PT-2006-4995 · Mywebland · Mywebland Minibloggie

Name of the Vulnerable Software and Affected Versions: myWebland miniBloggie versions 1.0 and earlier Description: The issue allows remote attackers to potentially execute arbitrary PHP code via a URL in the fname parameter in the cls fast template.php file. However, another researcher was unable...

7.5CVSS7.9AI score0.04087EPSS
Exploits1References5
NVD
NVD
added 2004/12/31 5:0 a.m.13 views

CVE-2004-2170

Directory traversal vulnerability in sampleshowcode.html in Caravan 2.00/03d and earlier allows remote attackers to read arbitrary files via the fname parameter...

5CVSS6.7AI score0.0351EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2000/03/03 12:0 a.m.71 views

SGI InfoSearch infosrch.cgi fname Parameter Arbitrary Command Execution

The remote web server is hosting the 'infosrch.cgi' script. The installed version of this script fails to properly sanitize user- supplied input to the 'fname' variable. An attacker, exploiting this flaw, could execute arbitrary commands on the remote host subject to the privileges of the web...

7.5CVSS6AI score0.07655EPSS
Exploits0References2
Rows per page
Query Builder