187 matches found
Information Disclosure
insight-api is vulnerable to information disclosure. An input validation vulnerability in the transaction broadcast endpoint allows a remote attacker to retrieve full path information, enabling the adversary to plan and execute further attacks...
CVE-2018-17884
XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook gwolle-gb plugin before 2.5.4 for WordPress via the PATHINFO to wp-admin/index.php...
CVE-2018-16655
Gxlcms 1.0 has XSS via the PATHINFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php...
WolfSight CMS SQL Injection Vulnerability
WolfSight CMS is a content management system. The system features news management, e-commerce management, payment management and document editing. A SQL injection vulnerability exists in WolfSight CMS version 3.2. A remote attacker can exploit this vulnerability by sending PATHINFO to the default...
CVE-2018-14012
WolfSight CMS 3.2 allows SQL injection via the PATHINFO to the default URI...
CVE-2018-2367
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...
Input validation
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...
CVE-2018-2367
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...
PHP Scripts Mall Professional Service Script Information Disclosure Vulnerability
Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. An information disclosure vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker can exploit the vulnerability by sending PATHINFO via a speciall...
CVE-2017-17873
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATHINFO to the /p URI...
Design/Logic Flaw
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/reviewuserwise.php...
CVE-2017-17621
Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATHINFO to the /detail URI...
UBUNTU-CVE-2017-16785
Cacti 1.1.27 has reflected XSS via the PATHINFO to host.php...
CVE-2017-15969
PG All Share Video 1.0 allows SQL Injection via the PATHINFO to search/tag, friends/index, users/profile, or videocatalog/category...
CVE-2017-15959
Adult Script Pro 2.2.4 allows SQL Injection via the PATHINFO to a /download URI, a different vulnerability than CVE-2007-6576...
CVE-2017-14070
Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to ipsearch.php, related to PHPSELF...
UBUNTU-CVE-2017-7808
A content security policy CSP "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox 55...
Cross-site Scripting (XSS)
Concrete5 is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary web script because the library does not sanitize it's parameters before rendering them for display. The following fields are affected: bannedword in...
UBUNTU-CVE-2017-0378
XSS exists in the loginform function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATHINFO to main.php...
CVE-2017-10801
phpSocial formerly phpDolphin before 3.0.1 has XSS in the PATHINFO to the search/tag/ URI...