vBulletin 'index.php' Remote File Inclusion Vulnerability
vBulletin is a web application. A remote file inclusion vulnerability exists in vBulletin 'index.php', which allows remote attackers to submit a special request to execute arbitrary code with web privileges...
WordPress bSuite plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports setting up a personal blog site on servers running PHP and MySQL. bSuite is one of its plugins, used to view the number of keyword searches. A cross-site scripting...
A vulnerability in the “index.php” script in the firmware of Western Digital MyCloud NAS network storage devices allows the execution of arbitrary commands.
The vulnerability in the “index.php” script in the firmware of Western Digital MyCloud NAS stems from a failure to sanitize data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in uistats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php...
CVE-2011-4955
Multiple cross-site scripting (XSS) vulnerabilities in uistats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php...
CVE-2017-17645
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php...
CVE-2017-17645
CVE-2017-17645 affects Bus Booking Script 1.0. The vulnerability is a SQL Injection via the txtname parameter in admin/index.php, caused by unsanitized input in a PHP/MySQL-based web app. Public references (NVD, CNVD, CVE records) describe SQL injection as the issue, with in-the-wild PoCs/exploit...
CVE-2017-17733
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request...
CVE-2017-17733
CVE-2017-17733 affects Maccms 8.x. The vulnerability allows remote command execution via the wd parameter in an index.php?m=vod-search request. Primary impact is remote code execution with partial confidentiality/integrity/availability concerns (per NVD CVSS 2.0/3.0 data). Connected sources (Red ...
Movie Guide 2.0 - SQL Injection
Exploit Title: Movie Guide 2.0 - SQL Injection Dork: N/A Date: 15.12.2017 Vendor Homepage: http://applebitemedia.com/ Software Link: http://applebitemedia.com/amwdl/AMMovieGuide.tar.gz Version: 2.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsan Sencan Author Web:...
CVE-2017-17587
FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter...
SQL injection
FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter...
CVE-2017-17587
FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter...
androidrevolution.nl XSS vulnerability
Open Bug Bounty ID: OBB-448032

Description | Value
---|---
Affected Website: | androidrevolution.nl
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention...

webapps.fitzmuseum.cam.ac.uk XSS vulnerability
Vulnerable URL: http://webapps.fitzmuseum.cam.ac.uk/explorer/index.php/"'--!confirm/OPENBUGBOUNTY/...
Directory traversal
LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php...
WordPress: Arbitrary file deletion in wp-core - guides towards RCE and information disclosure
Vulnerable place 1: wp-admin/post.php. $newmeta['thumb'] is placed into the DB unsanitized, directly from user input. case 'editattachment': check_admin_referer('update-post_' . $post_id); // Don't let these be changed unset($_POST['guid']); $_POST['post_type'] = 'attachment'; // Update the thumbnail filename $newmet...
isara.cvc.ac.th XSS vulnerability
Open Bug Bounty ID: OBB-390772

Description | Value
---|---
Affected Website: | isara.cvc.ac.th
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...

EyesOfNetwork web interface 'host' parameter SQL injection vulnerability
EyesOfNetwork (EON) is an open source, free IT monitoring solution. The solution provides features such as a business process configuration tool, generating pop-up windows when events occur in the active queue, and more. The EyesOfNetwork web interface (aka eonweb) is one of these web interfaces...
iProject Management System SQL Injection Vulnerability
iProject Management System is a project management software for SMEs. A SQL injection vulnerability exists in iProject Management System version 1.0. The vulnerability can be exploited by remote attackers to inject SQL commands by sending the 'ID' parameter to the index.php file...