7210 matches found
SQL injection
SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php...
CVE-2012-5701
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) searchstring or (2) where parameter in a contacts action, (3) deptid parameter in a departments action, (4) projectid parameter in a project action, or...
CVE-2014-8307
Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu with path" section or (2) printthispage variable in the footercontentbloc...
Open redirect
Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header to (1) index.php, (2) cart.php, (3) msg.php, or (4) page.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu with path" section or (2) printthispage variable in the footercontentbloc...
Keke (客客) Professional Witkey System XSS vulnerability
Brief description: The parameters are not controlled at all. An earlier self-XSS I submitted was not approved. Detailed description: /control/user/shopsetting.php $shopname, 'shopslogans' =$shopslogans, 'seotitle' =$seotitle, 'seokeyword' =$seokeyword, 'seodesc' =$seodesc, ; $intRes = $objShopT-save$arrData,array'shopid'=$shopInfo'shopid'; unset$objShopT;...
CVE-2014-8293
Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMG_signin_topic parameter to index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMG_signin_topic parameter to index.php...
CVE-2014-8293
CVE-2014-8293 affects Voice Of Web AllMyGuests 0.4.1 with a reflected XSS via the AMG_signin_topic parameter to index.php. The vulnerability allows remote attackers to inject arbitrary JavaScript/HTML into the page. The provided sources consistently describe the issue but do not specify affected ...
CVE-2014-8070
Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to index.php/user/logout...
Open redirect
Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to index.php/user/logout...
CVE-2014-8070
Pagekit CMS 0.8.7 is affected by CVE-2014-8070, an open redirect vulnerability. A crafted value in the redirect parameter to index.php/user/logout can redirect users to arbitrary sites, enabling phishing via trust manipulation. The OpenVAS/NVD entries corroborate a cross-site redirect risk and th...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to setup/index.php...
CVE-2014-4737
Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to setup/index.php...
LittleSite 0.1 /index.php arbitrary file download vulnerability
No description provided by source...
OsClass 3.4.1 (index.php, file param) - Local File Inclusion
No description provided by source...
Joomla Spider Calendar <= 3.2.6 - SQL Injection
No description provided by source. !/usr/bin/env python -- coding:utf-8 -- from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class TestPOCPOCBase: vulID = '87242' version = '1' vulDate = '2014-08-31' author = 'anonymous' createDate =...
CVE-2014-4735
Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php...