707 matches found

CNVD
added 2017/04/01 12:0 a.m. | 5 views

MODX Revolution 'setup/templates/findcore.php' file remote code execution vulnerability

MODX Revolution is a PHP-based open source content management system (CMS) from the U.S. company MODX. The system supports online collaboration, search engine optimization (SEO), add-ons and more. A security vulnerability exists in the setup/templates/findcore.php file in MODX Revolution 2.5.4-pl and...

9.8 CVSS | 7.6 AI score | 0.02182 EPSS
Exploits 1 | References 1

OSV
added 2017/03/05 8:59 p.m. | 2 views

CVE-2017-6480

groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php path parameter...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 3

Prion
added 2017/03/05 8:59 p.m. | 11 views

Cross site scripting

groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php path parameter...

4.3 CVSS | 5.9 AI score | 0.00356 EPSS
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2017/03/05 8:0 p.m. | 16 views

CVE-2017-6480

groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php path parameter...

6 AI score | 0.00356 EPSS
Exploits 1 | References 3

Prion
added 2017/02/12 4:59 a.m. | 11 views

Design/Logic Flaw

An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tinymce/plugins/codemirror/dialog.php" URL. An attacker could execu...

4.3 CVSS | 6.4 AI score | 0.00233 EPSS
Exploits 1 | References 2 | Affected Software 1

CVE
added 2017/02/12 4:43 a.m. | 44 views

CVE-2017-5961

Ionize versions up to 1.0.8 (IONIZE CMS built on CodeIgniter) are affected by an XSS vulnerability due to insufficient filtration of user-supplied data in the path parameter of the URL to ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php. This could all...

6.1 CVSS | 6.4 AI score | 0.00233 EPSS
Exploits 1 | References 2 | Affected Software 1

Prion
added 2017/02/06 5:59 p.m. | 15 views

Arbitrary file deletion

A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user www-dat...

2.1 CVSS | 5.2 AI score | 0.00101 EPSS
Exploits 2 | References 4 | Affected Software 1

AlpineLinux
added 2017/02/06 5:0 p.m. | 43 views

CVE-2017-5595

A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user www-dat...

5.5 CVSS | 5.5 AI score | 0.00101 EPSS
Exploits 2

Debian CVE
added 2017/02/06 5:0 p.m. | 41 views

CVE-2017-5595

A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user www-dat...

5.5 CVSS | 3 AI score | 0.00101 EPSS
Exploits 2

CNVD
added 2017/01/10 12:0 a.m. | 2 views

My Php Dating 'path' Parameter SQL Injection Vulnerability

My Php Dating 2.0 is an online dating site system. A SQL injection vulnerability exists in the My Php Dating 'path' parameter, which can be exploited by attackers to access or modify database data...

8 AI score
Exploits 0 | References 1

0day.today
added 2017/01/09 12:0 a.m. | 18 views

My Php Dating 2.0 - path Parameter SQL Injection Vulnerability

Exploit for php platform in category web applications Vulnerability: My Php Dating 2.0 - SQL Injection Web Vulnerability Google Dork: My Php Dating Date:09.01.2017 Vendor Homepage: http://www.phponlinedatingsoftware.com/demo.htm Tested on: http://www.phponlinedatingsoftware.com/demo/ Script Name:...

7.1 AI score
Exploits 0

CNVD
added 2016/08/30 12:0 a.m. | 1 view

Joomla component com_joomanager parameter path arbitrary file download vulnerability

Joomla! is a content management system. An arbitrary file download vulnerability exists in the parameter path of the Joomla component joomanagerde. An attacker can exploit the vulnerability to download sensitive information such as configuration files...

6.7 AI score
Exploits 0 | References 1

UbuntuCve
added 2016/08/05 1:59 a.m. | 27 views

CVE-2016-5253

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link...

4.7 CVSS | 6.9 AI score | 0.00058 EPSS
Exploits 0 | References 3

UbuntuCve
added 2016/04/07 9:59 p.m. | 18 views

CVE-2016-2511

Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php...

6.1 CVSS | 6.8 AI score | 0.00544 EPSS
Exploits 4 | References 2

OSV
added 2016/02/16 3:59 p.m. | 5 views

CVE-2016-2389

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978...

7.5 CVSS | 5.9 AI score | 0.83678 EPSS
Exploits 4 | References 5

Zero Day Initiative
added 2016/02/05 12:0 a.m. | 41 views

Advantech WebAccess datacore Service datacore.exe Path strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x791E IOCTL in the Kernel subsystem. A stack-based buffer...

9.3 CVSS | 4.2 AI score | 0.51468 EPSS
Exploits 9 | References 1

CNVD
added 2015/12/31 12:0 a.m. | 1 view

Remote Command Execution Vulnerability in Service_path Parameter of Security Authentication Gateway of Shanghai Gale Software Co.

Gehl Secure Authentication Gateway provides digital certificate based authentication and data link encryption services for network applications. A remote command execution vulnerability exists in the servicepath parameter in the /api/query.php?getaction=log page of the Secure...

8 AI score
Exploits 0 | References 1

Prion
added 2015/05/20 6:59 p.m. | 19 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) currentproductid, or (4) cPath parameter to...

4.3 CVSS | 6 AI score | 0.00979 EPSS
Exploits 2 | References 14 | Affected Software 1

Prion
added 2015/04/21 3:59 p.m. | 14 views

Unrestricted file upload

Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specifi...

7.5 CVSS | 8.2 AI score | 0.35261 EPSS
Exploits 6 | References 5 | Affected Software 1

NVD
added 2015/01/16 3:59 p.m. | 14 views

CVE-2015-1053

Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/filemanager/filemanager/editfile...

4.3 CVSS | 5.7 AI score | 0.00541 EPSS
Exploits 1 | References 8