48 matches found
Code injection
Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters...
PT-2023-6977 · WordPress · Jeecg P3 Biz Chat
Name of the Vulnerable Software and Affected Versions: Jeecg P3 Biz Chat version 1.0.5 Description: The issue is related to the disclosure of information in the error data area of the Jeecg P3 Biz Chat plugin for WordPress content management systems. Exploitation of this issue may allow a remote...
CVE-2021-35377
Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMPadmin.php parameters...
CVE-2022-28715
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors...
mySCADA myPRO OS Command Injection Vulnerability (CNVD-2021-102828)
mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...
CVE-2021-37213
The check-in record page of Flygo contains Insecure Direct Object Reference IDOR vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date in specific parameters to access particular employee’s check-in record...
CVE-2017-17252
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20,...
Out-of-bounds
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20,...
Unfixed XSS vulnerability at www.gentag.fr
Security researcher Atmon3r, has submitted on 11/01/2012 a cross-site-scripting XSS vulnerability affecting www.gentag.fr, which at the time of submission ranked 5662573 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/01/2012. It is currentl...
CVE-2012-5296
Multiple cross-site scripting XSS vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to 1 approve.asp, 2 delete.asp, 3 edit.asp, or 4 edit2.asp...
Sql injection
Multiple SQL injection vulnerabilities in MYRE Real Estate Software 2012 Q2 allow remote attackers to execute arbitrary SQL commands via the 1 linkidd parameter to 1mobile/listings.php or 2 userid parameter to 1mobile/agentprofile.php...
Unfixed XSS vulnerability at www.zsecure.net
Security researcher watt, has submitted on 28/10/2011 a cross-site-scripting XSS vulnerability affecting www.zsecure.net, which at the time of submission ranked 821534 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/11/2011. It is currently...
CVE-2011-2148
Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...
Unfixed XSS vulnerability at www.dailycamera.com
Security researcher PaPPy, has submitted on 05/01/2010 a cross-site-scripting XSS vulnerability affecting www.dailycamera.com, which at the time of submission ranked 35086 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/12/2011. It is...
Sql injection
Multiple SQL injection vulnerabilities in Family Connections aka FCMS before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the 1 letter parameter to addressbook.php, 2 id parameter to recipes.php, 3 year parameter to register.php, 4 pollid parameter to home.php, and 5 email...
Unfixed XSS vulnerability at www.espace-plus.net
Security researcher xylitol, has submitted on 22/11/2008 a cross-site-scripting XSS vulnerability affecting www.espace-plus.net, which at the time of submission ranked 55626 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 29/11/2011. It is...
Unfixed XSS vulnerability at www.nuov.cz
Security researcher austinator, has submitted on 15/08/2008 a cross-site-scripting XSS vulnerability affecting www.nuov.cz, which at the time of submission ranked 1001208 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/08/2008. It is current...
Unfixed XSS vulnerability at abcdefghijklmnopqrstuvwxyz.com
Security researcher fallingmidget, has submitted on 23/03/2008 a cross-site-scripting XSS vulnerability affecting abcdefghijklmnopqrstuvwxyz.com, which at the time of submission ranked 1580405 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...
Unfixed XSS vulnerability at www.aggieathletics.com
Security researcher onlysamurai, has submitted on 10/09/2007 a cross-site-scripting XSS vulnerability affecting www.aggieathletics.com, which at the time of submission ranked 147352 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/09/2007. It...
Unfixed XSS vulnerability at kangasniemi.regweb.fi
Security researcher Uber0n, has submitted on 29/09/2007 a cross-site-scripting XSS vulnerability affecting kangasniemi.regweb.fi, which at the time of submission ranked 63656 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 03/10/2007. It is...