41 matches found
EUVD-2025-16748
Malicious code in bioql PyPI...
EUVD-2024-32948
Malicious code in bioql PyPI...
CVE-2021-39599
Multiple Cross Site Scripting XSS vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in 1 public/search.php and in the 2 c parameter in admin.php...
CVE-2020-35597
Victor CMS 1.0 is vulnerable to SQL injection via cid parameter of admineditcomment.php, pid parameter of admineditpost.php, uid parameter of adminedituser.php, and edit parameter of adminupdatecategories.php...
CVE-2019-14792
The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectanglename or rectangleopacity parameter...
CVE-2011-5300
Cross-site request forgery CSRF vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...
CVE-2019-14785
The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cpcontactformpaypal.php=1 cpcontactformppid parameter...
Telesquare TLR-2005Ksh 安全漏洞
The Telesquare TLR-2005Ksh is a wireless router from the South Korean company Telesquare. A security vulnerability exists in Telesquare TLR-2005Ksh version 1.1.4, which originates from unauthorized command execution when requesting the admin.cgi parameter setAutorest...
PT-2024-33051 · Unknown · School Erp Pro+Responsive
Name of the Vulnerable Software and Affected Versions: School ERP Pro+Responsive version 1.0 Description: The issue allows SQL injection through the "/SchoolERP/office admin/" index in parameters such as groups id, examname, classes id, es voucherid, es class, etc. This could enable a remote...
CVE-2020-17451
flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 pagelinkname, pagetitle, pagecontent, or pageextracontent parameter, or the acp/acp.php?tn=system&sub=syspref prefspagename, prefspagetitle, or prefspagesubtitle parameter...
Piwigo cross-site scripting vulnerability (CNVD-2018-04285)
Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time, and more. A cross-site scripting vulnerability exists in Piwigo version 2.8.2. A remote attacker can exploit this vulnerability to...
CVE-2017-17651
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter...
CVE-2017-1251
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631...
CVE-2016-2987
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker...
WordPress Google Analyticator plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.Google Analyticator is one of the Google Analytics plug-ins. A cross-site scripting vulnerability exists in WordPre...
CVE-2015-1422
Multiple cross-site scripting XSS vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 horder, 2 jakcatid, 3 jakcontent, 4 jakcss, 5 jakdeletelog, 6 jakemail, 7 jakextfile, 8 jakfile, 9 jakhookshow, 10 jakimg, 11 jakjavascript, 12...
CVE-2011-5300
Cross-site request forgery CSRF vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...
CVE-2011-0504
Multiple cross-site scripting XSS vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions llow remote attackers to inject arbitrary web script or HTML via the 1 status parameter to admin/orders.php, 2 search parameter to admin/customers.php, or 3 STORENAME parameter to...
PT-2010-1400 · Roseonline · Roseonlinecms
Name of the Vulnerable Software and Affected Versions: RoseOnlineCMS versions 3 B1 and earlier Description: The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the admin parameter in the modules/admincp.php file when magic quotes gpc...
CVE-2004-2023
SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the 1 adminname or 2 adminpass parameters...