156 matches found
CVE-2017-17102
Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $REQUEST'link'...
Wordpress plugin Social Stream API secret key information leakage vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. Wordpress plugin Social-Stream uses the Twitter API key as a parameter of the URL link There is an information leakage that can be...
Khan Academy: Html injection on khanacademy
There's an HTML Injection Vulnerability exists in khanacademy . Affected parameters "linkSuccess=" Steps to reproduce: 1. first open your account on khanacademy. 2.enter the link in the url box. http://khanacademy.org/settings/account?linkSuccess= 3.set any text after "=" eg...
LANDesk Management Suite Remote File Inclusion (CVE-2014-5362)
A remote file inclusion vulnerability has been reported in LANDesk Management Suite. The vulnerability is due to insufficient input validation in the HTTP path. A remote attacker could exploit the remote file inclusion vulnerability by enticing a user to click on a link with a malicious parameter...
CVE-2015-1058
Multiple cross-site scripting XSS vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 dataCategorytitle parameter to admin/categories/add, 2 dataFieldtitle parameter to admin/fields/ajaxfields/, 3 name property in a basicInfo JSON object to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 link, 2 title, or 3 dl parameter...
PT-2012-3975 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 2.1.x through 2.1.5 Moodle versions 2.2.x through 2.2.2 Description: The issue allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages. This is achieved by...
Directory traversal
module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" doubled dot dot slash sequences in the link parameter, which is not properly filtered using the strreplace function...
Sql injection
SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter...
CVE-2008-3404
Cross-site scripting XSS vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter...
eforum-xss.txt
eForum v0.4 - NON-PERSISTENT XSS by Omni 1 Infos --------- Date : 2008-03-05 Product : eForum Version : v 0.4 Vendor : http://www.phpbrasil.com/scripts/script.php/id/169 Vendor Status : 2008-03-18 Not Informed! 2008-03-18 Published! Description : eForum is an easy-to-install discussion board that...
Path traversal
Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" %2F sequences in the link parameter...
Directory traversal
Directory traversal vulnerability in index.php in ezContents 1.4.5 allows remote attackers to read arbitrary files via a .. dot dot in the link parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via 1 the link parameter or 2 the User-Agent HTTP header...
MaxiSepet 1.0 - link SQL Injection
MaxiSepet 1.0 - link SQL Injection Method found by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=42 Title: MaxiSepet http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=SQL Example: GET -...