Chamilo LMS IDOR - 'messageId' Delete POST Injection

Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Release Date: ============= 2016-02-15 Vulnerability...

CVE-2013-2585

Cross-site scripting XSS vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...

CVE-2014-0616

Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows remote attackers ...

Sql injection

SQL injection vulnerability in silentumguestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter...

CVE-2006-0757

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via 1 the contactgroupid parameter in addressbook.update.php, 2 the messageid parameter in addressbook.add.php, 3 the folderid parameter in folders.update.php, and possibly...