7210 matches found
CVE-2014-9445
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error...
Sql injection
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error...
CVE-2011-5316
Cross-site request forgery (CSRF) vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
CVE-2011-5307
Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter...
CVE-2011-5315
Cross-site request forgery (CSRF) vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
CVE-2011-5307
CVE-2011-5307 is a publicly known XSS vulnerability in the WordPress PhotoSmash plugin version 1.0.1, exposed via index.php where the action parameter can be exploited to inject arbitrary web scripts/HTML. The NVD entry lists a MEDIUM severity (CVSS2: AV:N/AC:M/Au:N/I:P/C:N, base 4.3) with no con...
CVE-2011-5316
Cross-site request forgery (CSRF) vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
CVE-2011-5316
The CVE-2011-5316 entry concerns a CSRF flaw in the Cambio 0.5a nightly r37 release, specifically affecting the admin/index.php handler. The underlying issue allows an attacker to hijack an administrator’s session and perform credential-changing actions via a seemingly legitimate user-initiated r...
WordPress PhotoSmash Plugin <= 1.0.1 - XSS
Because of this vulnerability in index.php, attackers can inject arbitrary web script or HTML via the "action" parameter. Solution: Update the plugin...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERYSTRING to serendipity/index.php...
Sql injection
bbfuncunsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQL injection attacks via the code parameter in an unsubscribe action to index.php...
CVE-2014-9254
bbfuncunsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQL injection attacks via the code parameter in an unsubscribe action to index.php...
CVE-2012-1203
The CVE-2012-1203 entry describes a CSRF vulnerability in SyndeoCMS (starnet/index.php) affecting version 3.0 and earlier. The underlying issue is CSRF that allows remote attackers to hijack an administrator’s session to perform add-user actions via a save_user request. Affected component/file: s...
FreePBX Framework Asterisk Recording Interface unserialize Code Execution (CVE-2014-7235)
A code execution vulnerability exists in FreePBX. The vulnerability is due to an input validation issue in the index.php file of the recordings directory...
CVE-2014-9241
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a doeditsig action to usercp.php, or (3) title parameter in the...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a doeditsig action to usercp.php, or (3) title parameter in the...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file...
CVE-2014-9176
The CVE-2014-9176 entry describes a cross-site scripting (XSS) vulnerability in the WordPress plugin InstaSqueeze Sexy Squeeze Pages, exploitable via the id parameter to lp/index.php. Connected sources confirm the affected component and payload path; no explicit exploit details or affected versio...
CVE-2014-7847
iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitude for an IP address...
CVE-2014-8539
Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the modsimpleemailformfield21 parameter to index.php...