780 matches found
CVE-2013-4899
CVE-2013-4899 concerns Twilight CMS (v5.17 and earlier). The issue is a cross-site scripting (XSS) vulnerability: user-supplied data appended to "/gallery/" (i.e. the PATH_INFO) is insufficiently filtered, allowing a remote attacker to inject arbitrary script via PATH_INFO that then executes in the browser of a logged-in user. The advisory ...
SQL injection
SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php...
Code injection
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en...
CVE-2013-3576
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. Recent assessments: theguly, at February 28, 2020 4:42pm UTC, reported: this product runs as SYSTEM by default, and...
Open redirect
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO...
CVE-2012-5646
node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO...
CVE-2012-5647
CVE-2012-5647 is an open redirect flaw in OpenShift Origin's restorer.php (node-util), present before version 1.0.5-3. A remote attacker could craft a link whose PATH_INFO causes restorer.php to redirect the victim to an arbitrary site, enabling phishing. The issue is documented alongside CVE-2012-5646, with...
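The HP SMH and OpenShift entries above share one sink pattern: a value taken straight from PATH_INFO is either interpolated into a shell command or used as a redirect target. The following Ruby is an added example, not code from either product or from the page; the identifier format (32 hex digits or a dashed UUID) and the command name "restore-gear" are assumptions made for illustration, and the function names are hypothetical. It shows the unsafe string interpolation beside an allow-list plus argv-array form, and a same-origin check for redirects.

```ruby
require "shellwords"

# Assumed identifier format for this example: 32 hex digits or a dashed RFC 4122
# UUID. The real identifier format used by the products above is not given here.
UUID_RE = /\A(?:\h{32}|\h{8}-\h{4}-\h{4}-\h{4}-\h{12})\z/

# Pull a single identifier out of PATH_INFO ("/<uuid>") and allow-list it.
# Extra segments or shell metacharacters ("/<uuid>;id", "/<uuid>/../x",
# "/$(id)") fail the match and are rejected outright.
def uuid_from_path_info(path_info)
  m = path_info.to_s.match(%r{\A/([^/]+)\z})
  return nil unless m && m[1].match?(UUID_RE)
  m[1]
end

# The vulnerable pattern: the raw value is interpolated into a string that is
# handed to a shell, so ";", "|", "$(...)" and friends are interpreted.
# "restore-gear" is a hypothetical command name used only for illustration.
def restore_command_unsafe(raw_value)
  "restore-gear #{raw_value}"   # "/abc; id" style input becomes a second command
end

# Hardened: validate first, then build an argv array. Passing an array to
# system(*argv) / Process.spawn(*argv) runs the program directly, no shell.
# Returns nil instead of a command when the identifier does not validate.
def restore_command_safe(path_info)
  uuid = uuid_from_path_info(path_info)
  return nil unless uuid
  ["restore-gear", uuid]
end

# If a single shell string is unavoidable (e.g. a command sent over ssh),
# quote every word so metacharacters stay literal.
def restore_command_quoted(path_info)
  argv = restore_command_safe(path_info)
  argv && Shellwords.join(argv)
end

# Open-redirect guard: accept only a same-origin absolute path. Scheme-relative
# URLs ("//evil.example"), absolute URLs, backslashes (some browsers read
# "/\evil.example" as "//evil.example") and CR/LF (header injection) all fall
# back to the site root.
def redirect_target(path_info)
  t = path_info.to_s
  return "/" unless t.start_with?("/")
  return "/" if t.start_with?("//")
  return "/" if t.match?(/[\\\r\n]/)
  t
end
```

The allow-list is the part that matters: quoting alone would stop the command injection, but it would still let an attacker pick arbitrary identifiers, which is why the example refuses anything that is not in the expected shape before it reaches the argv array.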
CVE-2013-0262
CVE-2013-0262 affects Rack’s Rack::File in Rack 1.5.x (before 1.5.2) and 1.4.x (before 1.4.5). A crafted PATH_INFO can cause a directory traversal, allowing an attacker to access arbitrary files outside the intended root. Root cause: improper PATH_INFO handling in Rack::File (symlink path travers...
CVE-2013-0262
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...
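The two Rack entries above describe a static-file server that maps PATH_INFO onto the filesystem and can be walked out of its root. The Ruby below is an added example written for this page, not Rack's own Rack::File code or its fix; it uses only the standard library and builds its own throwaway fixture (a document root with one page and one symlink pointing outside it, constructed in a temp directory). It shows a resolver that refuses plain and percent-encoded "..", NUL bytes, and, by comparing the realpath of the resolved file against the realpath of the root, symlinks that escape the root.

```ruby
require "tmpdir"
require "fileutils"

# Percent-decode PATH_INFO the way a server does before the value is used as a
# path, so "%2e%2e" is seen as ".." (byte-exact; "+" is left literal).
def percent_decode(s)
  s.to_s.b.gsub(/%(\h\h)/) { $1.hex.chr }.force_encoding("UTF-8")
end

# Map PATH_INFO to a file under root. Returns the resolved path, or nil when
# the request must be refused. Classic traversal ("..", encoded ".."), NUL
# bytes and symlink escapes (a link inside root pointing outside it) are all
# rejected.
def safe_static_path(root, path_info)
  decoded = percent_decode(path_info)
  return nil if decoded.include?("\0")                  # NUL truncation tricks
  segments = decoded.split("/").reject { |s| s.empty? || s == "." }
  return nil if segments.empty? || segments.include?("..")   # refuse "..", even "a/../b"
  root_real = File.realpath(root)
  candidate = File.join(root_real, *segments)
  return nil unless File.file?(candidate)
  real = File.realpath(candidate)                       # follows symlinks
  return nil unless real.start_with?(root_real + File::SEPARATOR)
  real
end

# Constructed fixture: a document root with one page and one symlink that
# points at a file outside the root. Returns, for each PATH_INFO tried,
# whether a file would have been served.
def traversal_demo
  Dir.mktmpdir do |dir|
    root = File.join(dir, "public")
    outside = File.join(dir, "outside")
    FileUtils.mkdir_p(root)
    FileUtils.mkdir_p(outside)
    File.write(File.join(root, "index.html"), "<h1>ok</h1>")
    File.write(File.join(outside, "secret.txt"), "not for the web")
    File.symlink(File.join(outside, "secret.txt"), File.join(root, "leak"))

    requests = [
      "/index.html",                  # legitimate
      "/../outside/secret.txt",       # plain traversal
      "/%2e%2e/outside/secret.txt",   # percent-encoded traversal
      "/leak",                        # symlink escaping the root
      "/index.html%00.txt",           # NUL byte
      "/missing.html",                # no such file
    ]
    requests.to_h { |p| [p, !safe_static_path(root, p).nil?] }
  end
end

if __FILE__ == $PROGRAM_NAME
  traversal_demo.each { |path, served| puts "#{served ? 'SERVE ' : 'REFUSE'} #{path}" }
end
```

The realpath comparison is what closes the symlink case: a segment-by-segment ".." check alone is satisfied by "/leak", because nothing in the request text looks like traversal; only resolving the final path and checking it is still under the root catches it. Comparing against the realpath of the root (rather than the configured string) also keeps the check correct when the root itself sits behind a symlink.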
CVE-2012-6528
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6)...
CVE-2012-6528
ATutor before 2.1 contains multiple cross-site scripting (XSS) vulnerabilities exploitable via PATH_INFO in several endpoints (themes/default/tile_search/index.tmpl.php, login.php, search.php, password_reminder.php, login.php/jscripts/infusion, login.php/mods/_standard/flowplayer, browse.php/jscr...
CVE-2012-6527
CVE-2012-6527 concerns the WordPress plugin My Calendar prior to version 1.10.2. The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary script or HTML via the PATH_INFO. Multiple sources corroborate that versions before 1.10.2 are affect...
CVE-2012-5874
Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f)...
CVE-2012-5666
Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php...
CVE-2012-2084
Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_INFO...
CVE-2012-4532
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/adminmoduleindex.php, or (3) modules/calendar/customisecalendartimes.php; login parameter to (4) index.ph...
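Most of the entries on this page (Twilight CMS, ATutor, My Calendar, ownCloud, Drupal, Joomla!, BrowserCRM) are the same reflected-XSS shape: a request such as /login.php/<payload> still reaches login.php, the tail becomes PATH_INFO, and the script echoes its own URL back into the markup. The Ruby below is an added example written for this page, not code from any of the listed projects; the routing function, the list of "known scripts" and the form-rendering functions are constructed for illustration. It shows how PATH_INFO is split off the request path, the unescaped echo that produces the bug, and the escaped form.

```ruby
require "cgi"

# Emulates the server routing that makes these bugs reachable (Apache's
# AcceptPathInfo, PHP's cgi.fix_pathinfo): the longest prefix of the request
# path that names a known script becomes SCRIPT_NAME; the remainder, leading
# "/" included, becomes PATH_INFO. Returns nil when no script matches.
# known_scripts is a constructed list standing in for files on disk.
def split_script_and_path_info(request_path, known_scripts)
  script = known_scripts
    .select { |s| request_path == s || request_path.start_with?("#{s}/") }
    .max_by(&:length)
  return nil unless script
  [script, request_path[script.length..-1]]
end

# Vulnerable pattern: the script echoes its own URL (SCRIPT_NAME + PATH_INFO,
# what PHP exposes as $_SERVER['PHP_SELF']) into an attribute unescaped, so
# the attacker's PATH_INFO lands inside the HTML as-is.
def form_action_vulnerable(env)
  %(<form action="#{env["SCRIPT_NAME"]}#{env["PATH_INFO"]}" method="post">)
end

# Hardened: escape for the attribute context. CGI.escapeHTML turns " into
# &quot; and < into &lt;, so the payload can neither close the attribute nor
# open a tag.
def form_action_escaped(env)
  self_url = "#{env["SCRIPT_NAME"]}#{env["PATH_INFO"]}"
  %(<form action="#{CGI.escapeHTML(self_url)}" method="post">)
end

# Stricter still: a form rarely needs to post back to a URL carrying
# attacker-chosen PATH_INFO. Keep only SCRIPT_NAME (still escaped).
def form_action_strict(env)
  %(<form action="#{CGI.escapeHTML(env["SCRIPT_NAME"])}" method="post">)
end

# Worked request (constructed): the payload closes the attribute and opens a
# script tag, mirroring the login.php/jscripts/infusion vector listed above.
def xss_demo
  scripts = ["/login.php", "/search.php", "/index.php"]
  request = '/login.php/jscripts/infusion/"><script>alert(1)</script>'
  script_name, path_info = split_script_and_path_info(request, scripts)
  env = { "SCRIPT_NAME" => script_name, "PATH_INFO" => path_info }
  {
    script_name: script_name,
    path_info: path_info,
    vulnerable: form_action_vulnerable(env),
    escaped: form_action_escaped(env),
    strict: form_action_strict(env),
  }
end

if __FILE__ == $PROGRAM_NAME
  xss_demo.each { |k, v| puts "#{k}: #{v}" }
end
```

The split function is the reason a payload placed after the script name is not a 404: as long as the server is willing to hand the tail to the script, every page that reflects PHP_SELF, REQUEST_URI or PATH_INFO without context-appropriate escaping is reachable with a crafted link, and the fix belongs at the output (escaping) rather than in the router.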