Lucene search
K

156 matches found

OSV
OSV
added 2017/12/04 8:29 a.m.3 views

CVE-2017-17102

Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $REQUEST'link'...

7.5CVSS5.8AI score0.01084EPSS
Exploits1References1
CNVD
CNVD
added 2017/05/27 12:0 a.m.4 views

Wordpress plugin Social Stream API secret key information leakage vulnerability

WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. Wordpress plugin Social-Stream uses the Twitter API key as a parameter of the URL link There is an information leakage that can be...

6.3AI score
Exploits0References1
Hacker One
Hacker One
added 2015/08/20 8:5 a.m.23 views

Khan Academy: Html injection on khanacademy

There's an HTML Injection Vulnerability exists in khanacademy . Affected parameters "linkSuccess=" Steps to reproduce: 1. first open your account on khanacademy. 2.enter the link in the url box. http://khanacademy.org/settings/account?linkSuccess= 3.set any text after "=" eg...

0.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/07/12 12:0 a.m.34 views

LANDesk Management Suite Remote File Inclusion (CVE-2014-5362)

A remote file inclusion vulnerability has been reported in LANDesk Management Suite. The vulnerability is due to insufficient input validation in the HTTP path. A remote attacker could exploit the remote file inclusion vulnerability by enticing a user to click on a link with a malicious parameter...

6.5CVSS6.7AI score0.03162EPSS
Exploits4
NVD
NVD
added 2015/01/16 3:59 p.m.22 views

CVE-2015-1058

Multiple cross-site scripting XSS vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 dataCategorytitle parameter to admin/categories/add, 2 dataFieldtitle parameter to admin/fields/ajaxfields/, 3 name property in a basicInfo JSON object to...

4.3CVSS5.8AI score0.04266EPSS
Exploits2References9
Prion
Prion
added 2012/10/09 3:55 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 link, 2 title, or 3 dl parameter...

2.6CVSS6.1AI score0.03031EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2012/07/21 12:0 a.m.3 views

PT-2012-3975 · Moodle · Moodle

Name of the Vulnerable Software and Affected Versions: Moodle versions 2.1.x through 2.1.5 Moodle versions 2.2.x through 2.2.2 Description: The issue allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages. This is achieved by...

4CVSS6.1AI score0.01004EPSS
Exploits0References7
Prion
Prion
added 2009/08/24 7:30 p.m.15 views

Directory traversal

module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" doubled dot dot slash sequences in the link parameter, which is not properly filtered using the strreplace function...

5.1CVSS7.8AI score0.02002EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2008/11/24 5:30 p.m.17 views

Sql injection

SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter...

7.5CVSS9AI score0.00967EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2008/07/31 4:41 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter...

4.3CVSS6.1AI score0.0173EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2008/07/31 4:0 p.m.23 views

CVE-2008-3404

Cross-site scripting XSS vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter...

5.7AI score0.0173EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2008/03/19 12:0 a.m.31 views

eforum-xss.txt

eForum v0.4 - NON-PERSISTENT XSS by Omni 1 Infos --------- Date : 2008-03-05 Product : eForum Version : v 0.4 Vendor : http://www.phpbrasil.com/scripts/script.php/id/169 Vendor Status : 2008-03-18 Not Informed! 2008-03-18 Published! Description : eForum is an easy-to-install discussion board that...

7.4AI score
Exploits0
Prion
Prion
added 2008/01/09 12:46 a.m.14 views

Path traversal

Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" %2F sequences in the link parameter...

5CVSS7.2AI score0.01289EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2007/12/15 1:46 a.m.12 views

Directory traversal

Directory traversal vulnerability in index.php in ezContents 1.4.5 allows remote attackers to read arbitrary files via a .. dot dot in the link parameter...

5CVSS7.2AI score0.02819EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2007/12/11 9:46 p.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via 1 the link parameter or 2 the User-Agent HTTP header...

4.3CVSS6.1AI score0.0414EPSS
Exploits1References6Affected Software1
exploitpack
exploitpack
added 2006/06/11 12:0 a.m.19 views

MaxiSepet 1.0 - link SQL Injection

MaxiSepet 1.0 - link SQL Injection Method found by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=42 Title: MaxiSepet http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=SQL Example: GET -...

8.7AI score
Exploits0
Rows per page
Query Builder