CVE-2018-8906

dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/addressid/2.html...

CVE-2018-8805

Yxcms building system compatible cell phone v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extendguestbook.php or protected\apps\default\view\mobile\extendguestbook.php in an index.php?r=default/column/index&col=guestbook request...

CVE-2018-7474

An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php...

CVE-2018-7474

An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php...

CVE-2018-7474

An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php...

www2.produktinfo.conrad.de XSS vulnerability

Open Bug Bounty ID: OBB-579604 Description| Value ---|--- Affected Website:| www2.produktinfo.conrad.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

TextPattern 4.6.2 - qty SQL Injection Vulnerability

Exploit for php platform in category web applications ============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474...

Design/Logic Flaw

Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channelname parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php...

CVE-2018-8056

Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channelname parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php...

CVE-2018-7653

In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter...

CVE-2018-7653

In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter...

rus.log.ee XSS vulnerability

Open Bug Bounty ID: OBB-573134 Description| Value ---|--- Affected Website:| rus.log.ee Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

meditox.eu XSS vulnerability

Open Bug Bounty ID: OBB-572639 Description| Value ---|--- Affected Website:| meditox.eu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Design/Logic Flaw

Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php...

CVE-2018-7172

In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal...

nutten69.com XSS vulnerability

Open Bug Bounty ID: OBB-568923 Description| Value ---|--- Affected Website:| nutten69.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

shogi.net XSS vulnerability

Open Bug Bounty ID: OBB-565102 Description| Value ---|--- Affected Website:| shogi.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Cross site request forgery (csrf)

application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request...

CVE-2018-7219

application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request...

Code injection

trixbox 2.8.0.4 has XSS via the PATHINFO to /maint/index.php or /user/includes/language/langChooser.php...