CVE-2018-18069
process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php...
CVE-2018-5695
The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php...
CVE-2017-16961
A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a...
WordPress Plugin All In One WP Security & Firewall Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed in PHP; users can set up their own weblog on a server that supports PHP and a MySQL database. The All In One WP Security & Firewall plugin is a WordPress security management and firewall plugin. A cross-site request forgery vulnerability exists in...
Multiple Cross-Site Request Forgery Vulnerabilities in Acobot Live Chat & Contact Form Plugin
Acobot Live Chat & Contact Form plugin is a very friendly and powerful chat management plugin for WordPress. Acobot Live Chat & Contact Form plugin 2.0 for WordPress suffers from multiple cross-site request forgery vulnerabilities, which can be exploited by remote attackers to hijack an...
CVE-2011-5096
Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a...
CVE-2009-0541
Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.p...
CVE-2007-1156
JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for admin/...
PT-2004-1571 · Heimdal · Heimdal K5Admind
Name of the Vulnerable Software and Affected Versions: Heimdal k5admind kadmind (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request. This is due to a heap-based buffer overflow that occurs...