CVE-2014-8539

Cross-site scripting XSS vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the modsimpleemailformfield21 parameter to index.php...

CVE-2014-8996

Multiple cross-site scripting XSS vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 authorname or 2 content parameter to index.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 authorname or 2 content parameter to index.php...

Cross site scripting

Cross-site scripting XSS vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a memberprofile action to index.php...

CVE-2014-9005

Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the 1 country, 2 gender1, or 3 gender2 parameter in a search action to index.php...

Cross site scripting

Cross-site scripting XSS vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php...

CVE-2014-8629

CVE-2014-8629 affects Pandora FMS up to version 5.1 SP1, specifically the Page visualization agents. The vulnerability is an XSS flaw in the index.php endpoint where the refr parameter is returned to users without proper validation, enabling remote attackers to inject arbitrary web script or HTML...

CVE-2014-8954

CVE-2014-8954 affects phpSound up to version 1.0.5. The issue is multiple XSS vulnerabilities exploitable via (1) the Title field, (2) the Description field in playlists, or (3) the filter parameter in an explore action to index.php, enabling remote script/HTML injection. The OpenVAS entry corrob...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the 1 idcustom parameter in an amanmenu request or 2 idgame parameter in an alms/games/edit request to appCore/index.php...

Joomla MacGallery 1.5 /index.php 任意文件下载漏洞

No description provided by source...

Joomla-FaceGallery 1.0 /index.php 任意文件下载漏洞

No description provided by source...

Incredible PBX remote command execution exploit

!/usr/bin/perl Title: Incredible PBX remote command execution exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 1 September 2014 Coded: 21 October 2014 Published: 21 October 2014 MorXploit Research http://www.MorXploit.com Vendor: PBX in a Flash Vendor url:...

CVE-2014-7985

Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the action parameter to install/index.php...

CVE-2014-7987

Cross-site scripting XSS vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php...

Etiko CMS index.php cross-site scripting vulnerability-vulnerability warning-the black bar safety net

Affected system: Etiko Etiko CMS Description: CVECAN ID: CVE-2 0 1 4-8 5 0 5 Etiko CMS is a content management system. Etiko CMS did not effectively verify the index. php script input, in the realization on the presence of cross-site scripting vulnerability, a remote attacker with the structure o...

Incredible PBX 2.0.6.5.0 - Remote Command Execution

Incredible PBX 2.0.6.5.0 - Remote Command Execution !/usr/bin/perl Title: Incredible PBX remote command execution exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 1 September 2014 Coded: 21 October 2014 Published: 21 October 2014 MorXploit Research http://www.MorXploit.com...

CVE-2014-6635

CVE-2014-6635 affects Exponent CMS 2.3.0, exposing a cross-site scripting (XSS) flaw in the src parameter of the search action to index.php. The vulnerability allows remote attackers to inject arbitrary web script or HTML. CVSS v2 base score is 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N). Exploitation statu...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the 1 callback parameter in a colorselector action, 2 field parameter in a dateformat action, or 3 companyname parameter in an addedit action to index.php...

Incredible PBX 11 2.0.6.5.0 Remote Command Execution

!/usr/bin/perl Title: Incredible PBX remote command execution exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 1 September 2014 Coded: 21 October 2014 Published: 21 October 2014 MorXploit Research http://www.MorXploit.com Vendor: PBX in a Flash Vendor url:...

CVE-2014-8366

SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php...