154 matches found
CVE-2018-18082
XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI...
CVE-2018-11735
index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter...
Cross site scripting
index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter...
CVE-2018-11735
index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter...
CVE-2017-11685
Multiple Reflective cross-site scripting XSS vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter...
CVE-2017-11685
Multiple Reflective cross-site scripting XSS vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter...
CVE-2016-5049
Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. dot dot in the SESID parameter in conjunction with a filename in the FNAME parameter...
Directory traversal
Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the 1 tmpid parameter to websitebuilder/showtemplateimage.php, 2 fname parameter to admin/downloadfile.php, or 3 id parameter to support/admin/csvdownload.php; or ...
CVE-2013-7190
Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the 1 tmpid parameter to websitebuilder/showtemplateimage.php, 2 fname parameter to admin/downloadfile.php, or 3 id parameter to support/admin/csvdownload.php; or ...
Sql injection
SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action...
CVE-2008-2781
SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action...
PT-2006-4995 · Mywebland · Mywebland Minibloggie
Name of the Vulnerable Software and Affected Versions: myWebland miniBloggie versions 1.0 and earlier Description: The issue allows remote attackers to potentially execute arbitrary PHP code via a URL in the fname parameter in the cls fast template.php file. However, another researcher was unable...
CVE-2004-2170
Directory traversal vulnerability in sampleshowcode.html in Caravan 2.00/03d and earlier allows remote attackers to read arbitrary files via the fname parameter...
SGI InfoSearch infosrch.cgi fname Parameter Arbitrary Command Execution
The remote web server is hosting the 'infosrch.cgi' script. The installed version of this script fails to properly sanitize user- supplied input to the 'fname' variable. An attacker, exploiting this flaw, could execute arbitrary commands on the remote host subject to the privileges of the web...