AShop 5.3.4 Cross Site Scripting

HTTPCS Advisory : HTTPCS104 Product : AShop Version : 5.3.4 Date : 2012-09-20 Criticality level : Less Critical Description : A vulnerability has been discovered in AShop, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'language' parameter...

CVE-2011-5131

Cross-site request forgery CSRF vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter...

CVE-2011-5131

Cross-site request forgery CSRF vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter...

CVE-2012-2208

Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the language parameter...

Directory traversal

Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the language parameter...

Directory traversal

Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. dot dot in the 1 language parameter to learn/cubemail/install.php or 2 f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. dot dot in the...

Directory traversal

Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. dot dot in the language parameter...

CVE-2012-0998

Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. dot dot in the language parameter...

CVE-2011-1427

Multiple cross-site scripting XSS vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Language parameter to Pages/login.aspx, 2 HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or 3 User-Agent header to...

Netpet CMS Directory Traversal Vulnerability

The host is running Netpet CMS and is prone to directory traversal vulnerability. OpenVAS Vulnerability Test $Id: secpodnetpetcmsdirtravvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ Netpet CMS Directory Traversal Vulnerability Authors: Madhuri D Copyright: Copyright c 2010 SecPod,...

Netpet CMS <= 1.9 Directory Traversal Vulnerability

Netpet CMS is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netpet:netpetcms";...

CVE-2009-4716

Cross-site scripting XSS vulnerability in results.php in EDGEPHP EZWebSearch allows remote attackers to inject arbitrary web script or HTML via the language parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in results.php in EDGEPHP EZWebSearch allows remote attackers to inject arbitrary web script or HTML via the language parameter...

CVE-2009-4716

Cross-site scripting XSS vulnerability in results.php in EDGEPHP EZWebSearch allows remote attackers to inject arbitrary web script or HTML via the language parameter...

PT-2009-2533 · Quicksilver +1 · Quicksilver Forums +2

Name of the Vulnerable Software and Affected Versions: Quicksilver Forums versions 1.4.2 and earlier QSF Portal versions prior to 1.4.5 Description: The issue allows remote attackers to include and execute arbitrary local files via a "" backslash in the lang parameter to "index.php". This bypasse...

CVE-2009-2923

Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. dot dot in the 1 language parameter to show.php and 2 in parameter to advancedsearch.php...

CVE-2008-6878

CVE-2008-6878 is a directory traversal vulnerability in Zen Cart where remote attackers can cause arbitrary local file inclusion via a crafted _SESSION[language] value in admin/includes/languages/english.php on Zen Cart 1.3.8a, 1.3.8 and earlier when .htaccess is not supported. The issue affects ...

Directory traversal

Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the 1 language parameter to charts.php and the 2 fretsweblanguage cookie parameter to unspecified vectors, possibly related to admin/common.php...

PT-2009-4561 · Fretsweb · Fretsweb

Name of the Vulnerable Software and Affected Versions: FretsWeb version 1.2 Description: The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This is achieved through directory traversal sequences in the language parameter to "charts.php"...