CVE-2015-2845

The cpanel function in gosite.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATHINFO...

Directory traversal

Multiple directory traversal vulnerabilities in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via 1 .. dot dot sequences in the PATHINFO to index.php or 2 vectors involving a block value in the...

Directory traversal

Directory traversal vulnerability in TP-LINK Archer C5 1.2 with firmware before 150317, C7 2.0 with firmware before 150304, and C8 1.0 with firmware before 150316, Archer C9 1.0, TL-WDR3500 1.0, TL-WDR3600 1.0, and TL-WDR4300 1.0 with firmware before 150302, TL-WR740N 5.0 and TL-WR741ND 5.0 with...

CVE-2014-8690

Multiple cross-site scripting XSS vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO, the 2 src parameter in a none action to index.php, or the 3 "First...

CVE-2014-100037

Cross-site scripting XSS vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to archives/...

Cross site scripting

Cross-site scripting XSS vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to archives/...

Cross site scripting

Cross-site scripting XSS vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI, related to the "Web Site" input in the Profile section...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in HESK before 2.4.1 allow remote attackers to inject arbitrary web script or HTML via the 1 hesksettingstmptitle or 2 hesklangENCODING parameter to inc/header.inc.php; the hesklangattempt parameter to 3 inc/assignmentsearch.inc.php, 4...

CVE-2011-5285

The provided connected sources confirm concrete details for CVE-2011-5285: BugFree 2.1.3 is affected by multiple cross-site scripting (XSS) vulnerabilities. Specifically, attacker-controlled input can be passed via (1) ActionType in Bug.php, (2) ReportMode in Report.php, (3) ReportMode in ReportL...

CVE-2014-8724

Cross-site scripting XSS vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATHINFO to the default URI...

Cross site scripting

Cross-site scripting XSS vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATHINFO to the default URI...

CVE-2014-9120

Cross-site scripting XSS vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to subrion/search/...

Cross site scripting

Cross-site scripting XSS vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to subrion/search/...

CVE-2014-9120

Cross-site scripting XSS vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to subrion/search/...

CVE-2014-8365

Multiple cross-site scripting XSS vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 email parameter to contact.php or 3 PATHINFO to setup.php, related to the "PHPSELF" variable...

CVE-2014-8365

Multiple cross-site scripting XSS vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 email parameter to contact.php or 3 PATHINFO to setup.php, related to the "PHPSELF" variable...

CVE-2014-8365

CVE-2014-8365 affects the Xornic Contact Us component, with XSS weaknesses exploitable via the name or email fields of contact.php or by PATH_INFO to setup.php, related to the PHP_SELF variable. The connected documents confirm this vulnerability class but do not provide product version details, c...

CVE-2014-8069

Multiple cross-site scripting XSS vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP Referer header to index.php/user or 2 PATHINFO to index.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP Referer header to index.php/user or 2 PATHINFO to index.php...

CVE-2014-8069

Multiple cross-site scripting XSS vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP Referer header to index.php/user or 2 PATHINFO to index.php...