7210 matches found
CVE-2020-8947
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224...
CVE-2011-4938
Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php...
CVE-2011-4938
CVE-2011-4938 affects Ariadne 2.7.6, with multiple XSS vulnerabilities that allow remote injection of arbitrary web script or HTML via PATH_INFO to index.php and loader.php. The vulnerability is caused by improper handling of PATH_INFO inputs, leading to script execution under the context of the ...
CVE-2020-8825
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS...
Cross site scripting
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS...
CVE-2020-8825
Vanilla Forums 2.6.3 is affected by a stored cross-site scripting (XSS) vulnerability in index.php?p=/dashboard/settings/branding. The issue arises from insufficient input validation in the branding settings page, enabling an attacker to inject payloads that can execute in a user’s browser. The C...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php...
CVE-2020-8641
Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter...
CVE-2013-2623
Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php...
Cross site scripting
Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php...
Lotus Core CMS 1.0.1 - Local File Inclusion
Exploit Title: Lotus Core CMS 1.0.1 - Local File Inclusion; Google Dork: N/A; Date: 2020-01-31; Exploit Author: Daniel Monzón (stark0de); Vendor Homepage: http://lotuscore.sourceforge.net/; Software Link: https://sourceforge.net/projects/lotuscore/files/latest/download; Version: 1.0.1; Tested on: Windows ...
CVE-2012-1495
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter...
Cross site scripting
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters...
CVE-2011-3595
CVE-2011-3595 involves multiple Cross-site Scripting (XSS) vulnerabilities in Joomla! up to version 1.7.0. The issue resides in index.php, within the search word, extension, asset, and author parameters, enabling XSS in affected requests. The provided documents confirm the affected software versi...
CVE-2019-20381
TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491...