CentOS Web Panel Cross-Site Scripting Vulnerability (CNVD-2018-03251)
CentOS Web Panel is a CentOS Linux system administration panel. A cross-site scripting vulnerability exists in CentOS Web Panel 0.9.8.12 and earlier versions. A remote attacker can exploit this vulnerability by injecting script code into a client browser via the 'module' value of the index.php fi...
PT-2018-17249 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions through v0.9.8.12 Description: The issue concerns an XSS vulnerability via the module value of the "index.php" file. Recommendations: For versions through v0.9.8.12, as a temporary workaround, consider restricting...
CVE-2017-14983
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/adminconf/index.php...
Code injection
EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selectedevents parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoringged/gedfunctions.php or the (4) module parameter to module/index.php...
CVE-2016-4056
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark...
CVE-2016-4056
TYPO3 Backend component (TYPO3 6.2.x before 6.2.19) is affected by a Cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary script/HTML via the module parameter when creating a bookmark, enabling script execution in an authenticated user’s browser. The issue stems from insuffi...
kernel: block: passing disk names as format strings
Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device nam...
Directory traversal
Directory traversal vulnerability in modules/comvtigerworkflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the modulename parameter...
CVE-2012-3805
Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absendername, (2) absenderemail, or (3) absendernachricht parameter to the content page; (4)...
Sql injection
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter...
CVE-2010-4357
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter...
Miniweb 2.0 - Full Path Disclosure
Miniweb 2.0 Full Path Disclosure Name Miniweb 2.0 Vendor http://www.miniweb2.com Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2009-12-12 X. INDEX I. ABOUT THE APPLICATION II. DESCRIPTION III. ANALYSIS IV. SAMPLE CODE V...
Directory traversal
Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter...
CVE-2008-6551
Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) an adminlang cookie to admin/index.php; or the module parameter to (2)...
CVE-2008-5943
Multiple directory traversal vulnerabilities in NavBoard 16 2.6.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to (1) adminmodules.php and (2) modules.php...
CVE-2008-5944
Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the module parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the module parameter...
Sql injection
Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter t...