7210 matches found
CVE-2015-5066
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php...
GeniXCMS 0.0.3 - Cross-Site Scripting
GeniXCMS 0.0.3 - Cross-Site Scripting. Exploit Title: Persistent XSS; Google Dork: intitle: Persistent XSS; Date: 2015-06-21; Exploit Author: John Page (hyp3rlinx); Website: hyp3rlinx.altervista.org; Vendor Homepage: genixcms.org; Software Link: genixcms.org; Version: 0.0.3; Tested on: Windows 7; Category:...
ClickHeat Cross-Site Request Forgery Vulnerability
ClickHeat is an open source website heat map generation tool developed by Labsmedia Cloud Computing Center. The tool records the distribution of user clicks on a page as a heat map and supports Chinese display. ClickHeat 1.14 and previous versions of cross-site request forgery vulnerabilit...
CVE-2015-4713
Affected software: ApPHP Hotel Site 3.x.x. Vulnerability: SQL injection via the pid parameter to index.php, enabling arbitrary SQL commands to be executed by remote attackers. Root cause (as stated): Insufficient input filtering/validation of the pid parameter, permitting crafted input to alter S...
Projectsend r572 Cross Site Scripting
Title: Projectsend r572 - Cross Site Scripting (Reflected); Disclosed: 5/28/15; Vendor Patched: 6/6/15; Published: 6/10/15; Credit: Matt Landers - [email protected]; Original Advisory: www.mjltech.net/adv/MJLTECH%20-%20Projectsend%20R572%20XSS.txt...
CVE-2015-2266
message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and...
CVE-2012-4901
Template CMS (version 2.1.1 and earlier) is affected by a Cross‑Site Scripting (CWE-79) vulnerability in the themes_editor parameter passed to admin/index.php during add_template, enabling remote injection of arbitrary HTML/JS. Public advisories (HTB23115) describe the issue and note CSRF concern...
Fiyo-cms 2.018 /dapur/index.php SQL injection vulnerability
Vulnerability link: http://localhost/fiyo/dapur/index.php?app=user&act=edit&id=1sqli Parameter: id Type: UNION query Title: MySQL UNION query NULL - 10 columns Payload: app=user&act=edit&id=-1874 UNION ALL SELECT NULL,NULL,CONCAT0x7171676471,0x66457070464452786c58,0x716a767471,NULL,NULL,NULL,NULL,NULL,NULL,NUL...
FineCMS v2.3.5 /member/index.php SQL injection vulnerability
No description provided by source...
WordPress WP Photo Album Plus Plugin <= 4.9.2 - XSS
This plugin is prone to a cross site scripting vulnerability in the index.php wppa-tag parameter. Solution: Update the plugin...
WordPress WooCommerce Predictive Search Plugin <= 1.0.5 - XSS
This plugin is prone to a cross site scripting vulnerability in the index.php rs parameter. Solution: Update the plugin...
WordPress xili-language Plugin <= 2.8.5 - Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability in the index.php lang parameter. Solution: Update the plugin...
SQL injection
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) userpass parameter in gologin.php or the PATHINFO to (3) gologin/validatecredentials/admin/ or (4) index.php/gosite/gogetuserinfo/...
Pragyan 3.0 /index.php SQL injection vulnerability
No description provided by source...
ProjectSend r561 CSRF / XSS / Shell Upload
Author: TUNISIAN CYBER + Title: ProjectSend Multiple Vulnerabilities + Date: 25-04-2015 + Vendor: http://www.projectsend.org/ + Download: http://www.projectsend.org/download/67/ + Type: WebAPP + Tested on: KaliLinux Debian + Twitter: @TCYB3R It's a long one so let's start... I/ CSRF: Add Admin...
ProjectSend r561 Multiple Vulnerabilities
ProjectSend version r561 suffers from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities. + Author: TUNISIAN CYBER + Title: ProjectSend r561 Multiple Vulnerabilities + Date: 25-04-2015 + Vendor: http://www.projectsend.org/ +...
CVE-2014-9146
Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php...
dyp2p v3.0 index.php SQL injection vulnerability
No description provided by source...