7210 matches found
CVE-2013-4888
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page...
CVE-2013-4888
CVE-2013-4888 (Digital Signage Xibo 1.4.2) is a documented XSS in index.php via the layout parameter on the layout page; CVE-2013-4889 describes CSRF that can hijack admin actions (e.g., AddUser) and, as noted, can enable XSS through the same page. Exploitation details are present (e.g., CSRF exp...
CVE-2013-4887
CVE-2013-4887 affects Digital Signage Xibo 1.4.2. The vulnerability is a SQL injection in the web interface (index.php) that can be exploited via the displayid parameter to execute arbitrary SQL commands. Documented impact indicates remote attackers may obtain partial confidentiality/integrity/av...
Light Weight Calendar index.php date Parameter PHP Code Execution - Ver2 (CVE-2006-0206)
A code execution vulnerability has been reported in Light Weight Calendar. The vulnerability is due to the application not validating the 'date' variable upon submission to the 'index.php' script. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrar...
Eventum - Insecure File Permissions
source: https://www.securityfocus.com/bid/65186/info Eventum is prone to an insecure file-permission vulnerability. An attacker can exploit this issue to reinstall the vulnerable application. This may aid in further attacks. Eventum 2.3.4 is vulnerable; other versions may also be affected. Following...
CVE-2012-6631
Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts via a new-client action...
Discuz! x3.1 index.php Code Execution Vulnerability
No description provided by source...
Discuz! x3.1 /utility/convert/index.php Code Execution Vulnerability
No description provided by source...
AppCMS 1.3.890 /index.php SQL Injection Vulnerability
No description provided by source...
Lowest Unique Bid Auction - SQL Injection
Lowest Unique Bid Auction - SQL Injection Lowest unique bid auction, SQLi Vulnerabilities Product Page:...
[SOJOBO-ADV-13-04] - PHP-Nuke 8.2.4 multiple vulnerabilities
SOJOBO-ADV-13-04 - PHP-Nuke 8.2.4 multiple vulnerabilities I. Information Name : PHP-Nuke 8.2.4 multiple vulnerabilities Software : PHP-Nuke 8.2.4 and possibly below. Vendor Homepage : http://www.phpnuke.org/ Vulnerability Type : File Inclusion and Reflected Cross-Site Scriptin...
Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities
Document Title: Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities References Source: http://www.vulnerability-lab.com/getcontent.php?id=1120 Release Date: 2013-10-26 Vulnerability Laboratory ID VL-ID:...
pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities
Document Title: pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities References Source: http://www.vulnerability-lab.com/getcontent.php?id=1130 Release Date: 2013-11-01 Vulnerability Laboratory ID VL-ID:...
CVE-2013-5108
Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the login page or (2) username parameter in a login.index action to index.php and other unspecified parameters...
CVE-2013-6341
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php...
CVE-2013-6341
CVE-2013-6341: Dokeos up to 2.2 RC2 has a SQL injection via the GET parameter “language” sent to /index.php. Root cause: insufficient validation of the language parameter. Impact: remote attacker can execute arbitrary SQL commands against the application database (high risk). Affected: Dokeos 2....
CVE-2013-4573
Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php...
phpweb /down/class/index.php SQL Injection Vulnerability
No description provided by source...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php...