plasticoscusen.com XSS vulnerability
Open Bug Bounty ID: OBB-281403

| Description | Value |
|---|---|
| Affected Website: | plasticoscusen.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

dott.com.ng XSS vulnerability
Vulnerable URL: http://www.dott.com.ng//index.php?cityid=2〈=fr=;alert/XSSPOSED///';alert/XSSPOSED///";alert/XSSPOSED///";alert/XSSPOSED///--alert/XSSPOSED/...
Synology Photo Station Information Disclosure Vulnerability
Synology Photo Station is an online photo album and blog owned and managed by DSM users. An information disclosure vulnerability exists in index.php in Synology Photo Station. A remote attacker can exploit the vulnerability to obtain sensitive information in certain ways...
CVE-2017-11155
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors...
CVE-2017-11155
CVE-2017-11155 affects Synology Photo Station and is described as an information-disclosure vulnerability in index.php present in versions prior to 6.7.3-3432 and 6.3-2967. Remote attackers could obtain sensitive system information via unspecified vectors. The connected sources document this CVE ...
CVE-2017-12138
XOOPS Core 2.5.8 contains an open redirect vulnerability in /modules/profile/index.php caused by the URL filter. The Nuclei template confirms an open redirect where an attacker can redirect users to a malicious site, potentially enabling phishing or other unauthorized operations. Affected softwar...
CVE-2017-11744
In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module...
Friends In War Make Or Break 1.7 SQL Injection
Exploit Title: Friends in War Make or Break 1.7 SQL Injection Dork: N/A Date: 26.07.2017 Vendor : http://software.friendsinwar.com/ Software: http://software.friendsinwar.com/downloads.php?catid=2&fileid=9 Demo: http://localhost/PATH/ Version: 1.7 Author: Ihsan Sencan SQL Injection/Exploit :...
Access Restriction Bypass
Moodle is vulnerable to access restriction bypass. The attacks exist because mod/chat/guisockets/index.php does not check for privileges for access to a daemon-mode Chat activity, allowing a malicious user unauthorized access to daemon-mode Chat activity...
qcmd.org XSS vulnerability
Vulnerable URL: http://www.qcmd.org/index.php/index.php?pageId=3=EN

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 23.08.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 2056429 |
| VIP website status: | No |
| Check qcmd.org SSL connection: | ... |

hqcompany.com XSS vulnerability
Vulnerable URL: http://www.hqcompany.com/index.php?theme=7=1"...
safetyhow.com XSS vulnerability
Vulnerable URL: http://www.safetyhow.com/index.php/QualificationRequirementsForPollutionControlOfficerInThePhilippines?action=1"...
goolink.org XSS vulnerability
Vulnerable URL: http://www.goolink.org/index.php?mess=1"...
infob.de XSS vulnerability
Vulnerable URL: https://www.infob.de/index.php?go=on=1"...
Cross site scripting
In index.php in Zen Cart 1.6.0, the productsid parameter can cause XSS...
CVE-2017-10667
In index.php in Zen Cart 1.6.0, the productsid parameter can cause XSS...
members.peoplefu.com XSS vulnerability
Vulnerable URL: http://members.peoplefu.com/index.php?word=1/-///'/"//--...
Sql injection
SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account...
CVE-2017-9759
The vulnerability is a SQL Injection in the open-source CMS Zenbership version 1.0.8, located in the admin/index.php handling the filters array parameter. The issue is exploitable by a privileged account, as described in CVE-2017-9759. The connected sources consistently report this exact flaw but...
IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow (CVE-2017-1092)
A heap buffer overflow exists in IBM's Informix Dynamic Server and Informix Open Admin Tool. The vulnerability is due to an input validation error when processing requests sent to index.php. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request...