36 matches found
CVE-2019-15873
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via a wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=<?php substring followed by PHP code...
CVE-2018-17590
AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter...
CVE-2018-17589
AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter...
LocalTapiola: Multiple Reflected XSS /webApp/lahti (viestinta.lahitapiola.fi)
Vulnerable script: /webApp/lahti. Vulnerable parameters: ctxvarshtml, ctxvarszoom, ctxvarsLat, ctxvarsLng. PoC 1 (html parameter): https://blackfan.ru/localtapiola4567uytr567tre4567ytr/poc1html.html Result: html alertdocument.location PoC 2 (zoom parameter)...
Home Web Server <= r1.7.1 (build 147) Gui Thread-Memory Corruption
No description provided by source. Home Web Server <= r1.7.1 (build 147) Gui Thread-Memory Corruption Exploit. By: Aodrulez. Homepage: http://downstairs.dnsalias.net/homewebserver.html Product Released: 22.4.2009/21:16:58. Description: This web server when fed with 1006 bytes of chr(0x0d), with the htm...
JAMF Casper Suite MDM CSRF Vulnerability
Exploit for jsp platform in category web applications. CVE-2012-4051 - JAMF Casper Suite MDM CSRF Vulnerability. Exploit Title: JAMF Software's Casper Suite MDM Solution CSRF. Date: Discovered and reported July 2012. Author: Jacob Holcomb/Gimppy042. Software: JAMF Software Casper Suite...
WHMCompleteSolution (WHMCS) 5.0 - KnowledgeBase.php?search Cross-Site Scripting
WHMCompleteSolution (WHMCS) 5.0 - KnowledgeBase.php?search Cross-Site Scripting. source: https://www.securityfocus.com/bid/53740/info WHMCS is prone to a cross-site scripting vulnerability and multiple HTML-parameter-pollution vulnerabilities because it fails to properly sanitize user-supplied input...
WHMCompleteSolution (WHMCS) 5.0 - Cross-Site Request Forgery (Multiple Application Function)
WHMCompleteSolution (WHMCS) 5.0 - Cross-Site Request Forgery (Multiple Application Function). source: https://www.securityfocus.com/bid/53740/info WHMCS is prone to a cross-site scripting vulnerability and multiple HTML-parameter-pollution vulnerabilities because it fails to properly sanitize...
WHMCompleteSolution (WHMCS) 5.0 - Cross-Site Request Forgery (Multiple Application Function)
source: https://www.securityfocus.com/bid/53740/info WHMCS is prone to a cross-site scripting vulnerability and multiple HTML-parameter-pollution vulnerabilities because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the...
WHMCompleteSolution (WHMCS) 5.0 - 'KnowledgeBase.php?search' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53740/info WHMCS is prone to a cross-site scripting vulnerability and multiple HTML-parameter-pollution vulnerabilities because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the...
CVE-2010-5046
Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter...
CVE-2009-4196
Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error1; (2) wzConnFlag parameter to freshpppoe1; (3)...
Code injection
Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed...
WordPress < 2.0.6 HTML Parameter Injection
Binary data 3873.prm...
CVE-2006-0894
Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the htmlerroroccurred parameter in error.php, (2) htmlfilterselect parameter in filterprefs.php, (3) htmlnomail parameter in nomail.php, the (4) pageline, (5) prev, an...
vBulletin newreply.php WYSIWYG_HTML Parameter XSS
According to its banner, the remote version of vBulletin is vulnerable to a cross-site scripting issue, due to a failure of the application to properly sanitize user-supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing scrip...