76 matches found
CVE-2018-18551
ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, groupdelete.html group parameter, reportsave.html query parameter, sensors.html...
CVE-2018-18551
ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, groupdelete.html group parameter, reportsave.html query parameter, sensors.html...
festicket.com XSS vulnerability
Vulnerable URL: https://www.festicket.com/festivals/?location=...
holidaybeddings.com XSS vulnerability
Vulnerable URL: http://holidaybeddings.com/search.php?location=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3Eproptype=minarea=maxarea=bedrooms=bathrooms=minprice=maxprice= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:|...
Directory traversal
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. dot dot in the theme parameter and a file path in the location parameter to bonita/portal/themeResource...
OrangeHRM /index.php/leave/getFilteredEmployeeCountAjax location SQL Injection Vulnerability
OrangeHRM is an open source human resource management tools , features include employee data management , employee self-service system , attendance , allowances and recruitment and other functions . OrangeHRM /index.php/leave/getFilteredEmployeeCountAjax fails to correctly filter the 'location' G...
WordPress Shareaholic 7.6.0.3 Cross Site Scripting
Exploit Title: Shareaholic 7.6.0.3 XSS Date: 10-11-2014 Software Link: https://wordpress.org/plugins/shareaholic/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE: CVE-2014-9311 Category: webapps 1. Description...
Code injection
Static code injection vulnerability in addreg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted 1 url and 2 location parameter...
CVE-2009-2111
CVE-2009-2111 affects DB Top Sites 1.0, with a vulnerability in the file add_reg.php that allows static code injection . A remote attacker can inject arbitrary PHP code by supplying crafted parameters for the (1) url and (2) location, enabling code execution on the affected system. This is docume...
CVE-2009-2111
Static code injection vulnerability in addreg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted 1 url and 2 location parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in AMFPHP 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 class parameter to a methodTable.php, b code.php, and c details.php in browser/; and the 2 location parameter to browser/code.php. NOTE: the provenance of this...
CVE-2008-1917
CVE-2008-1917 describes multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2. The affected components are the browser/ module parameters: (1) class parameter to (a) methodTable.php, (b) code.php, and (c) details.php, and (2) the location parameter to browser/code.php. The CVE notes t...
CVE-2008-0488
Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the 1 LOCATION and 2 URL parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2003-0802
Nokia Electronic Documentation NED 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . dot...