7210 matches found
CVE-2013-6037
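Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgid parameter...
storytlr "search" cross-site scripting vulnerability
storytlr is a blogging platform. Because input passed via the "search" parameter to index.php/search/ is not properly sanitized in protected/application/public/controllers/SearchController.php before being returned to the user, an attacker can exploit the vulnerability to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. 0 storytlr 1.2 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://storytlr.org/...
PyroCMS "email" cross-site scripting vulnerability
PyroCMS is a content management system. Because input passed to the "email" POST parameter in index.php/register is not properly sanitized before being returned to the user, an attacker can exploit the vulnerability to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. 0 PyroCMS 2.2.3 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: https://www.pyrocms.com/...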
CVE-2014-2316
Technical details for CVE-2014-2316 are not provided in the connected documents. The initial description notes an SQL injection in the Search Everything WordPress plugin, but no further specifics (versions, root cause, exploit, or patch) are present. Monitor for updates.
Aker Secure Mail Gateway reflected XSS vulnerability
Overview: Aker Secure Mail Gateway 2.5.2 and previous versions contain a reflected cross-site scripting vulnerability (CWE-79). Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2013-6037. Aker Secure Mail Gateway 2.5.2 and previous versions...
SQL injection
SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the playid parameter to index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owauserid parameter to index.php...
couponPHP CMS 1.0 Multiple Stored XSS and SQL Injection Vulnerabilities
Summary couponPHP is a revolutionary content management system for running Coupon and Deal websites. It is feature rich, powerful, beautifully designed and fully automatic. Description couponPHP is vulnerable to multiple Stored XSS and SQL Injection issues. Input passed via the parameters...
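Joomla! Wire Immogest component 'index.php' SQL injection vulnerability
Bugtraq ID:65606 Joomla! is a content management system that is quite well known abroad. The 'index.php' of the Joomla! Wire Immogest component does not properly filter data submitted by users to the 'id' parameter, allowing remote attackers to exploit the vulnerability by submitting crafted SQL queries to manipulate or retrieve database data. 0 Joomla! Wire Immogest No detailed solution is currently available: http://www.joomla.org/...
ShopNc 6.0 /index.php SQL injection vulnerability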
No description provided by source...
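Joomla! 'index.php' SQL injection vulnerability
BUGTRAQ ID: 65410 Joomla! is an open-source content management system (CMS) developed by the Open Source Matters team in the United States. The system provides RSS feeds, site search and other features. An SQL injection vulnerability exists in Joomla!; it stems from the program not sufficiently filtering user-submitted input before using it in SQL query statements. An attacker can exploit the vulnerability to take control of the application, access or modify data, or exploit potential vulnerabilities in the underlying database. Joomla! 3.2.1 is vulnerable; other versions may also be affected. 0 Joomla! 3.2.1 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.joomla.org/...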
Joomla Wire Immogest SQL Injection
CVE-2013-2585
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...
CVE-2014-1401
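Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENTIP, (3) XFORWARDEDFOR, (4) XFORWARDED, (5) FORWARDEDFOR, or (6) FORWARDED HTTP header to index.php...
Iconify SkyBlueCanvas 'index.php' remote command injection vulnerability
Bugtraq ID:65129 CVE:CVE-2014-1683 SkyBlueCanvas is a lightweight web content management system from Iconify. The system stores its data in XML and provides themes, add-on components, issue reporting and other features. A remote command injection vulnerability exists in Iconify SkyBlueCanvas. An attacker can exploit the vulnerability to execute arbitrary commands in the context of the affected application, which helps in launching further attacks. SkyBlueCanvas 1.1 r248-03 is vulnerable; other versions may also be affected. 0 SkyBlueCanvas 1.1 r248-03 Vendor patch: Iconify -----...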
Wordcircle index.php password Parameter SQL Injection - Ver2 (CVE-2006-0205)
An SQL injection vulnerability has been reported in Wordcircle. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
PHPjournaler index.php readold Parameter SQL Injection - Ver2 (CVE-2006-0066)
An SQL injection vulnerability has been reported in PHPjournaler. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
WMNews index.php base_datapath Parameter PHP Code Execution - Ver2 (CVE-2006-3928)
A code execution vulnerability has been reported in WMNews. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2013-4887
SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter...
CVE-2013-4889
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripting (XSS) attacks, as demonstrat...