103 matches found
Synology SafeAccess Cross-Site Scripting Vulnerability
Synology SafeAccess is an appliance from China-based Synology Inc. that can configure the security of your network environment. The appliance can monitor users' Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices in the...
CVE-2020-27659
Multiple cross-site scripting XSS vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the 1 domain or 2 profile parameter...
CVE-2020-27659
Multiple cross-site scripting XSS vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the 1 domain or 2 profile parameter...
Synology SafeAccess 跨站脚本漏洞
Synology SafeAccess is an appliance from China-based Synology Inc. that can configure the security of your network environment. The appliance can monitor users' Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices in the...
CVE-2018-6867
Cross Site Scripting XSS exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter...
CVE-2018-6867
Cross Site Scripting XSS exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter...
Muslim Matrimonial Script SQL Injection Vulnerability
Muslim Matrimonial Script is a community matrimonial script for matrimonial websites by PHP Scripts Mall. PHP Scripts Mall Muslim Matrimonial Script has a SQL injection vulnerability. The vulnerability can be exploited to conduct SQL injection attacks via the view-profile.php memid parameter...
CVE-2017-17983
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php memid parameter...
CVE-2017-17893
Readymade Video Sharing Script has XSS via the searchvideo.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter...
FS Freelancer Clone SQL Injection Vulnerability
FS Freelancer Clone is a set of PHP and MySQL based scripts for freelancer online job search and recruitment websites. A SQL injection vulnerability exists in FS Freelancer Clone version 1.0. The vulnerability can be exploited by remote attackers to inject SQL commands by sending the 'u' paramete...
Sql injection
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or companydetails.php id parameter...
WordPress Training Membership 1.0.8 Cross Site Scripting Vulnerability
WordPress Fitness Trainer - Training Membership plugin versions 1.0.8 and below suffer from a cross site scripting vulnerability. Exploit Title: Wordpress Fitness Trainer - Training Membership Plugin ================== 8bitsec - https://twitter.com/8bitsec 0day.today 2018-04-09...
WordPress Training Membership 1.0.8 Cross Site Scripting
Exploit Title: Wordpress Fitness Trainer - Training Membership Plugin ================== 8bitsec - https://twitter.com/8bitsec...
Cross-site Scripting (XSS)
Magmi is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary webscript through the profile parameter of web/magmi.php or through querystring to web/magmiimportrun.php...
Magento Server MAGMI plugin cross-site scripting vulnerability
Magento is the United States Magento company's set of professional open source PHP e-commerce system , it provides rights management , search engine and payment gateway features such as Magento Server is the Magento server . MAGMI aka Magento Mass Importer is one of the product catalogs used to...
Cross site scripting
Cross-site scripting XSS vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php...
PT-2014-8461 · Sap · Sap Netweaver As Abap
Name of the Vulnerable Software and Affected Versions: SAP Netweaver AS ABAP version 7.31 Description: The issue allows remote authenticated users to obtain sensitive information by making a request to the RSDU CCMS GET PROFILE PARAM RFC function. Recommendations: For SAP Netweaver AS ABAP versio...
PT-2014-2542 · Red Hat +1 · Red Hat Cloudforms +1
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms 2.0 Management Engine CFME versions 5.1 and earlier ManageIQ Enterprise Virtualization Manager versions 5.0 and earlier Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This is...
2: miq_policy/explorer SQL injection
SQL injection vulnerability in the miqpolicy controller in Red Hat CloudForms 2.0 Management Engine CFME 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile parameter in an explorer action...
CVE-2011-4340
Symphony CMS CVE-2011-4340 affects Symphony CMS 2.2.3 and potentially earlier versions up to just before 2.2.4. The vulnerability is due to cross-site scripting (XSS) in two areas: (1) profile parameter handling in extensions/profiledevkit/content/content.profile.php (triggered via default URI, a...