Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php...
CVE-2014-6070
Removed by vendor...
Sql injection
Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) resetkey or (2) inConfEmail parameter to index.php, a different vulnerability than CVE-2012-5685...
CVE-2012-6654
CVE-2012-6654 corresponds to multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier, allowing remote attackers to execute arbitrary SQL commands via the (1) resetkey or (2) inConfEmail parameters to index.php. This vulnerability is explicitly stated as different from CVE-2012-5685. T...
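ThinkSAAS 2.2 GET-based CSRF to Getshell
Brief description: I had meant to submit the admin-panel getshell together with the XSS vulnerability... but I forgot. Later I found that this hole is a GET-based CSRF, which is easy to exploit and suits everyone; in a community CMS its power is practically unlimited. Detailed description: /app/system/action/plugin.php, line 83: case "delete": $apps = $_GET['apps']; $pname = $_GET['pname']; delDir('plugins/'.$apps.'/'.$pname); qiMsg('删除成功!'); break; After the values are read from GET, they are concatenated into a path and passed to the delDir function. The delDir function: / Delete the folder and all the fi...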
DirPHP 'path/index.php' Local File Include Vulnerability
DirPHP is prone to a local file inclusion vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2014-3771
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "changeuserlanguage" request to sources/main.queries.php...
WP Online Store 1.3.1 - index.php slug Parameter Traversal Local File Inclusion
The wp-online-store WordPress plugin was affected by an index.php slug Parameter Traversal Local File Inclusion security vulnerability...
WooCommerce Predictive Search - index.php rs Parameter XSS
The Predictive Search for WooCommerce WordPress plugin was affected by an index.php rs Parameter XSS security vulnerability...
WP Photo Album Plus - index.php wppa-tag Parameter XSS
The WP Photo Album Plus WordPress plugin was affected by an index.php wppa-tag Parameter XSS security vulnerability...
WP Forum Server 1.6.5 - index.php Multiple Parameter SQL Injection
The WP Forum Server WordPress plugin was affected by an index.php Multiple Parameter SQL Injection security vulnerability...
All-in-One Event Calendar 1.9 - index.php Multiple Parameter SQL Injection
The All-in-One Event Calendar WordPress plugin was affected by an index.php Multiple Parameter SQL Injection security vulnerability...
WordPress Simple Balance Theme <= 2.2.1 - Cross Site Scripting
This vulnerability allows remote attackers to inject arbitrary script or HTML via the "s" parameter of the "index.php" file. Solution: Update the theme...
RSVPMaker 2.5.4 - index.php RSVP Form Multiple Field XSS
The RSVPMaker WordPress plugin was affected by an index.php RSVP Form Multiple Field XSS security vulnerability...
Path traversal
Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php...
CVE-2014-3546
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a...
UBUNTU-CVE-2014-5030
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py...
CVE-2014-5108
Cross-site scripting (XSS) vulnerability in singlepages\downloadfile.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/downloadfile...
CVE-2014-5106
The CVE-2014-5106 entry describes a cross-site scripting (XSS) vulnerability in Invision Power IP.Board (IPB) 3.4.x through 3.4.6. An attacker could inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php. This applies to IPB 3.4.x–3.4.6; no exploitation details...
DirPHP 1.0 Local File Inclusion
Exploit Title: DirPHP - version 1.0 Local File Inclusion Google Dork: intext:DirPHP - version 1.0 - Created & Maintained by Stuart Montgomery Date: 7/26/14 Exploit Author: -Chosen- Contact: [email protected] Version: DirPHP - Version 1.0 Tested on: nix PoC:...