
170 matches found

Cvelist
added 2020/10/12 3:56 p.m., 19 views

CVE-2020-12670

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A...

6 AI score, 0.00676 EPSS
Exploits: 0, References: 1

OSV
added 2016/04/12 3:59 p.m., 7 views

CVE-2016-3169

The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array...

8.1 CVSS, 8.3 AI score
Exploits: 0, References: 4

OSV
added 2016/04/12 3:59 p.m., 0 views

UBUNTU-CVE-2016-3169

The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array...

8.1 CVSS, 7.3 AI score, 0.02221 EPSS
Exploits: 0, References: 4

seebug.org
added 2015/04/13 12:0 a.m., 19 views

Mao10CMS V3.3.0: two SQL injections (tested on the official site demo)

Brief description: Two SQL injections in V3.3.0. Detailed explanation: I found that mao10 uses an old version of the tp framework, and so the injections followed.. 1 /Application/User/Controller/IndexController.class.php public function edit$id=false if!isnumeric$id $id = mcuserid; ; ifisnumeric$id ifmcuserid==$id ifmcremovehtml$POST'title','all' $title =...

7 AI score
Exploits: 0

seebug.org
added 2014/07/27 12:0 a.m., 20 views

PHPB2B latest version: SQL injection allowing unlimited account top-up (succeeded on the official site demo)

Brief description: As in the title. Detailed explanation: Looking at the user registration code: ifisset$POST'register' $iscompany = false; $ifneedcheck = false; $registertype = trim$POST'register'; $registertypename = trim$POST'typename'; pbsubmitcheck'data'; $defaultmembergroupidres = $pdb-GetRow"SELECT FROM $tbprefixmembertypes WHERE name='".$registertypename."'";...

7.1 AI score
Exploits: 0

Prion
added 2008/07/18 4:41 p.m., 13 views

Code injection

The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack...

4.6 CVSS, 6.8 AI score, 0.00352 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2008/07/18 4:0 p.m., 24 views

CVE-2008-3216

The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack...

6.2 AI score, 0.00352 EPSS
Exploits: 0, References: 3

Debian CVE
added 2008/07/18 4:0 p.m., 19 views

CVE-2008-3216

The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack...

4.6 CVSS, 6.1 AI score, 0.00352 EPSS
Exploits: 0

CVE
added 2008/07/18 4:0 p.m., 41 views

CVE-2008-3216

The CVE-2008-3216 entry concerns projectL 1.001: the save function in br/prefmanager.d creates a file named projectL.prf in the current working directory, enabling local users to overwrite arbitrary files via a symlink attack. Affected component is the save routine in br/prefmanager.d; root cause...

4.6 CVSS, 6.3 AI score, 0.00352 EPSS
Exploits: 0, References: 3, Affected Software: 1

Packet Storm
added 2007/09/19 12:0 a.m., 20 views

obedit-xss.txt

Obedit v3.03 - XSS Vuln. Author: Ishkur Impact: XSS and Cookie Alert Patches: in development Affected Software Description:...

7.4 AI score
Exploits: 0