7210 matches found
Vpersian CMS SQL Injection Vulnerability
Remote SQL injection vulnerabilities in Vpersian CMS. Exploit Title: Vpersian CMS SQL Injection and Authentication bypass Author: Abolfazl74 Home page Link: http://vpersian.net Date: 03/02/2015 Version: All versions Google dork: intext:"VPersian CMS" email: [email protected] // Vulnerability...
FreePBX /recordings/index.php 'ari_auth' Cookie Authentication Bypass
The version of FreePBX hosted on the remote web server is affected by an authentication bypass vulnerability in the FreePBX ARI Framework module / Asterisk Recording Interface (ARI). A remote, unauthenticated attacker can exploit this issue to gain full administrator access to the FreePBX server by...
SQL injection
Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to admin/index.php...
CVE-2015-1450
CVE-2015-1450 is a SQL injection vulnerability in Restaurant Biller. The issue arises because the cid parameter in the category action to index.php is not properly filtered, allowing remote attackers to execute arbitrary SQL commands. Affected component: Restaurant Biller category action handling...
SQL injection
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jakdeletelog or (2) ssp parameter to admin/index.php...
SQL injection
SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter...
CVE-2015-1040
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) datatitle or (3) datadescription field in the...
DzzOffice 1.2.2 /index.php Local File Inclusion Vulnerability
index.php: $dzz = C::app(); $mod = getgpc('mod'); $mod = !empty($mod) ? $mod : ''; $op = !empty($_GET['op']) ? $_GET['op'] : 'index'; $cachelist = array(); $dzz->cachelist = $cachelist; $dzz->init(); /* call the respective module */ if(empty($mod)){ if($_G['uid']<1 && $_G['setting']['loginset']['available']){ @header("Location: user.php?mod=logging"); exit;...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to commentspaginate.php or (2) storespaginate.php or the (3) affiliateurl, (4) description, (5) domain, (6)...
Directory traversal
Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php...
CVE-2014-100025
Cross-site request forgery (CSRF) vulnerability in index.php/userdata/insertuser in Savsoft Quiz allows remote attackers to hijack the authentication of administrators for requests that create an administrator account via a crafted request...
CVE-2014-100010
Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php...
CVE-2014-100010
ClanSphere 2011.4 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php. The vulnerability is supported by multiple sources (NVD and OpenVAS) with a CVSS v2 base score of ...
CVE-2014-10007
Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter in a contact action to index.php...
Multiple HTML Injection Vulnerabilities in BEdita CMS 'index.php'
BEdita is a web development framework that provides a full-featured content management system. Multiple HTML injection vulnerabilities exist in BEdita CMS 'index.php' because it fails to properly filter user-supplied input. An attacker can execute the provided HTML and script code in the context ...
CVE-2015-0917
Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php...
CVE-2015-0917
Summary: CVE-2015-0917 is an XSS vulnerability in Kajona CMS backend before version 4.6.3, exploitable via the action parameter to index.php. Connected sources confirm the affected product and vulnerable parameter; no explicit remediation details are provided in the supplied documents. The exploi...
SQL injection
Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the filename parameter in an attachment action, (2) the post parameter in a showcomment action, (3) the sys-name parameter in an rssfeed action, or (4) the...
CVE-2010-5317
Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the filename parameter in an attachment action, (2) the post parameter in a showcomment action, (3) the sys-name parameter in an rssfeed action, or (4) the...