WordPress responsive-coming-soon-page plugin cross-site scripting vulnerability (CNVD-2018-01266)
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on servers running PHP and MySQL. responsive-coming-soon-page is one of its test system maintenance plugins. A cross-site scriptin...
WordPress responsive-coming-soon-page plugin cross-site scripting vulnerability (CNVD-2018-01258)
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on servers running PHP and MySQL. responsive-coming-soon-page is one of its test system maintenance plugins. A cross-site scriptin...
Multiple WordPress Plugin Cross-Site Scripting Vulnerabilities
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports setting up personal blogging sites on servers with PHP and MySQL. WordPress Clockwork Free and Paid SMS Notifications and so on are used in which different types of SMS...
LvyeCMS Public tologin function cross-site scripting vulnerability
LvyeCMS is a content management system developed using the ThinkPHP framework and an independent grouping approach. A cross-site scripting vulnerability exists in the Public tologin function of the admin.php file in LvyeCMS 3.1 and earlier versions. A remote attacker can exploit this vulnerabilit...
Hashtopus Cross-Site Scripting Vulnerability
Hashtopus is a cross-platform client-server tool for distributing hash table tasks between multiple computers. A cross-site scripting vulnerability exists in Hashtopus version 1.5g. A remote attacker can exploit this vulnerability by sending a query string to the admin.php file to inject arbitrar...
CVE-2017-11679
Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action...
Piwigo 'virtual_name' parameter cross-site scripting vulnerability
Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options (categories, tags, time and more). A cross-site scripting vulnerability exists in Piwigo version 2.9.1. A remote attacker can exploit this vulnerability by...
WordPress Event List Plugin SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on servers running PHP and MySQL. Event List is one of its event list plugins. SQL injection commands exist in version 0.7.8 of the WordPress Eve...
Mailcow Cross-Site Request Forgery Vulnerability (CNVD-2017-10371)
Mailcow is a mail server suite that provides a modern web UI interface for user and service management. A cross-site request forgery vulnerability exists in Mailcow. The vulnerability stems from the "admin.php" page not adding authentication such as token or CAPTCHA, which can be exploited by an...
CubeCart SQL Injection Vulnerability (CNVD-2016-01942)
CubeCart is an open source PHP e-commerce software system. CubeCart suffers from a SQL injection vulnerability. Due to insufficient filtering of user-supplied data passed via the "char" HTTP GET parameter to the "/admin.php" PHP script, a remotely authenticated attacker with privileged acce...
X-Cart Cross-Site Scripting Vulnerability (CNVD-2015-02183)
X-Cart is an open source PHP e-commerce software. The software provides favorites, order records and inventory management modules. A cross-site scripting vulnerability exists in the admin.php script in X-Cart versions 5.1.6 through 5.1.10. A remote attacker can exploit this vulnerability to...
Piwigo 'admin.php' SQL injection vulnerability (CNVD-2015-01256)
Piwigo is a photo album script written in PHP. A SQL injection vulnerability exists in versions prior to Piwigo 2.7.4 due to the program failing to properly filter user-supplied input before using it in SQL queries. This allows an attacker to access or modify data...
PT-2014-8999 · Frederick Townes · W3 Total Cache
Name of the Vulnerable Software and Affected Versions: W3 Total Cache plugin versions prior to 0.9.4.1 Description: The issue allows remote attackers to conduct cross-site request forgery (CSRF) attacks. This is possible due to the improper handling of empty nonces, which can lead to the hijacking ...
SQL injection vulnerability in e107
Vulnerability ID: HTB22604 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityine1072.html Product: e107 Website System Vendor: e107 http://www.e107.org/ Vulnerable Version: 0.7.23 and Probably Prior Versions Vendor Notification: 13 September 2010 Vulnerability Type: SQL Injectio...
PT-2008-5439
Name of the Vulnerable Software and Affected Versions: Quick.Cart version 3.1 Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the query string in the admin.php file. Recommendations: For Quick.Cart version...
CVE-2007-2008
Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter...
CVE-2006-4584
Tr Forum 2.0 is affected by CVE-2006-4584, where remote attackers can bypass authentication and add an administrative account via login and password parameters to admin/insert_admin.php. The vulnerability allows partial confidentiality, integrity, and availability impact (CVSS v2 base score 7.5, ...
PT-2004-2741 · Php Nuke · Php-Nuke
Name of the Vulnerable Software and Affected Versions: Php-Nuke versions 6.x through 7.1.0 Description: A cross-site request forgery issue allows remote attackers to gain administrative privileges. This can be achieved via an img tag with a URL to "admin.php". Recommendations: For Php-Nuke versio...