210 matches found

Cvelist
added 2017/12/13 9:0 a.m., 20 views

CVE-2017-17598

Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter...

AI score 10, EPSS 0.02512
Exploits: 1, References: 2

0day.today
added 2017/04/21 12:0 a.m., 39 views

Exponent CMS 2.4.1 SQL Injection Vulnerability

Exponent CMS versions 2.4.1 and below suffer from a remote SQL injection vulnerability. CVE-2017-7991 - SQL injection - Exponent CMS. Suggested description: Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of...

CVSS 7.5, AI score 0.1, EPSS 0.01354
Exploits: 3

CNVD
added 2017/04/01 12:0 a.m., 3 views

MODX Revolution 'setup/controllers/welcome.php' file remote code execution vulnerability

MODX Revolution is a PHP-based open source content management system (CMS) from the U.S. company MODX. The system supports online collaboration, search engine optimization (SEO), add-ons and more. A security vulnerability exists in the setup/controllers/welcome.php file in MODX Revolution 2.5.4-pl an...

CVSS 9.8, AI score 7.5, EPSS 0.02182
Exploits: 1, References: 1

OSV
added 2017/01/30 10:59 p.m., 3 views

CVE-2016-6266

cccaajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter ...

CVSS 8.8, AI score 6, EPSS 0.03015
Exploits: 1, References: 2

CNVD
added 2016/11/18 12:0 a.m., 3 views

Reflective Cross-Site Scripting Vulnerability in Knight Talent System 'key' Parameter

Knight Talent System is a professional talent system based on PHP + MYSQL as the core development, free + open source. A reflective cross-site scripting vulnerability exists in the search 'key' parameter of the Knight Talent System v4.0 job search function. The vulnerability allows attackers to...

AI score 6.3
Exploits: 0

Positive Technologies
added 2016/01/01 12:0 a.m., 3 views

PT-2016-7991

Name of the Vulnerable Software and Affected Versions: iSelect version 1.4.0-2+b1. Description: A local buffer overflow occurs when an oversized value is supplied to the -k/--key parameter. This allows local attackers to overflow a 1024-byte stack buffer using a malicious argument containing a NOP...

CVSS 8.6, AI score 6.4, EPSS 0.00026
Exploits: 0, References: 10

Cvelist
added 2015/09/29 7:0 p.m., 27 views

CVE-2015-5076

Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/rollbackImport.php; the (3) bc, (4) fg,...

AI score 5.8, EPSS 0.00305
Exploits: 2, References: 5

Prion
added 2014/12/03 6:59 p.m., 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the contextkey parameter...

CVSS 4.3, AI score 6.1, EPSS 0.00885
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2014/08/17 11:0 p.m., 38 views

CVE-2014-3080

Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php...

AI score 5.6, EPSS 0.09403
Exploits: 7, References: 6

NVD
added 2014/07/02 6:55 p.m., 13 views

CVE-2014-4603

Multiple cross-site scripting (XSS) vulnerabilities in yupdatesapplication.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter...

CVSS 4.3, AI score 5.8, EPSS 0.00174
Exploits: 1, References: 2

seebug.org
added 2014/07/01 12:0 a.m., 14 views

LinEx - Password Reset Vulnerability

No description provided by source. Exploit Title: LinEx All Versions Password Reset Vulnerability Google Dork: linkex.dk 2006-2011 Date: 15/01/2014 Exploit Author: N B Sri Harsha Reconnect Gray hat Vendor Homepage: http://linkex.dk/ Software Link: http://linkex.dk/releases/linkex.20120508.zip...

AI score 7.1
Exploits: 0

Packet Storm
added 2014/03/27 12:0 a.m., 32 views

LinEx Password Reset

Exploit Title: LinEx All Versions Password Reset Vulnerability Google Dork: linkex.dk 2006-2011 Date: 15/01/2014 Exploit Author: N B Sri Harsha Reconnect Gray hat Vendor Homepage: http://linkex.dk/ Software Link: http://linkex.dk/releases/linkex.20120508.zip Version: All Versions LinkEx Is A Open...

AI score 7.4
Exploits: 0

NVD
added 2014/01/03 6:54 p.m., 28 views

CVE-2013-6993

Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php...

CVSS 4.3, AI score 5.7, EPSS 0.0027
Exploits: 4, References: 3

OSV
added 2011/10/27 8:55 p.m., 1 views

DEBIAN-CVE-2011-3848

Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25...

CVSS 5, AI score 7, EPSS 0.00433
Exploits: 0, References: 1

htbridge
added 2010/06/03 12:0 a.m., 23 views

Multiple Vulnerabilities in BloofoxCMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BloofoxCMS which could be exploited to perform cross-site request forgery and SQL injection attacks. 1) Cross-site request forgery (CSRF) in BloofoxCMS. The vulnerability exists due to insufficient validation of the...

CVSS 7.5, AI score 8.7
Exploits: 0, Affected Software: 1

Cvelist
added 2009/09/15 9:0 p.m., 21 views

CVE-2009-3196

Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter...

AI score 5.8, EPSS 0.01188
Exploits: 1, References: 3

NVD
added 2009/08/14 5:30 p.m., 10 views

CVE-2009-2778

Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information...

CVSS 4.3, AI score 5.7, EPSS 0.00327
Exploits: 0, References: 4

NVD
added 2009/08/14 5:30 p.m., 12 views

CVE-2009-2777

SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter...

CVSS 7.5, AI score 8.4, EPSS 0.00173
Exploits: 1, References: 5

Prion
added 2009/08/14 5:30 p.m., 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information...

CVSS 4.3, AI score 6.2, EPSS 0.00327
Exploits: 0, References: 4

Cvelist
added 2009/08/14 5:0 p.m., 15 views

CVE-2009-2777

SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter...

AI score 8.4, EPSS 0.00173
Exploits: 1, References: 5