125 matches found
CVE-2010-2797
CMS Made Simple
XSS vulnerability in Mystic
Vulnerability ID: HTB22534 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinmystic.html Product: Mystic Vendor: Hulihan Applications http://hulihanapplications.com/projects/mystic Vulnerable Version: 0.1.4 and Probably Prior Versions Vendor Notification: 27 July 2010 Vulnerability Typ...
Grafik CMS 1.1.2 Cross Site Scripting
Vulnerability ID: HTB22438 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityingrafikcms.html Product: Grafik CMS Vendor: GrafikPower Vulnerable Version: 1.1.2 and Probably Prior Versions Vendor Notification: 14 June 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed,...
XSS vulnerability in Grafik CMS
Vulnerability ID: HTB22439 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityingrafikcms1.html Product: Grafik CMS Vendor: GrafikPower Vulnerable Version: 1.1.2 and Probably Prior Versions Vendor Notification: 14 June 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed,...
SQL injection vulnerability in Grafik CMS
Vulnerability ID: HTB22440 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityingrafikcms.html Product: Grafik CMS Vendor: GrafikPower Vulnerable Version: 1.1.2 and Probably Prior Versions Vendor Notification: 14 June 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vend...
REvolution <= 10.02 CSRF (Cross-Site Request Forgery)
Exploit for php platform in category web applications. REvolution &Xfiles=footerafter&confirm=1 " Solution: Upgrade to the most recent version 0day.today 2018-01-02...
Discuz 7.0.0 Flash XSS: old vulnerabilities, new ideas
I took a look at the DZ official website: it does not allow uploading a swf file with a jpg suffix, but, as everyone noticed, the ucenter space album that goes with DZ lets you upload a swf file with a jpg suffix. So I downloaded the latest versions of DZ 7.0, ucenter and ucenter space, tested the consequences and then can be...
Gonafish LinksCaffePRO 4.5 (index.php) SQL Injection Vulnerability
No description provided by source. security breakd0wn! Title: Gonafish LinksCaffePRO 4.5 index.php SQL...
Gonafish LinksCaffePRO 4.5 (index.php) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Gonafish LinksCaffePRO 4.5 index.php SQL Injection Vulnerability ...
Gonafish LinksCaffePRO 4.5 - index.php SQL Injection
Gonafish LinksCaffePRO 4.5 - index.php SQL Injection. security breakd0wn! Title: Gonafish LinksCaffePRO 4.5...
CVE-2003-1541
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt...
CVE-2003-1541
PlanetMoon Guestbook tr3.a stores sensitive information under the web root due to insufficient access control. This enables remote attackers to obtain the admin script password (and other passwords) via a direct request to files/passwd.txt. The available sources describe information disclosure wi...
CVE-2007-2988
A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/createengine.php followed by a request to...
Design/Logic Flaw
A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/createengine.php followed by a request to...
CVE-2007-2988
The CVE-2007-2988 entry describes a vulnerability in the Inout Meta Search Engine: an admin script redirects the browser but does not exit when admin credentials are missing, enabling remote attackers to inject arbitrary PHP code via a sequence of requests to admin/create_engine.php and then admi...
Open redirect
Unspecified vulnerability in the admin script in Open Business Management OBM before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser."...
CVE-2007-2316
Technical details for CVE-2007-2316 are not publicly available in the provided documents. Monitor for updates.
PT-2007-1294 · Jobline · Jobline
Name of the Vulnerable Software and Affected Versions: Jobline version 1.1.1 Description: A remote file inclusion issue exists, allowing remote attackers to execute arbitrary code via a URL in the mosConfig absolute path parameter in the admin.jobline.php script. Recommendations: For Jobline...
LinksCaffe 2.0/3.0 - Authentication Bypass
source: https://www.securityfocus.com/bid/19763/info LinksCaffe is prone to an authentication-bypass vulnerability because of a lack of required authentication on the application's administrative script. An attacker can use administrative functions simply by knowing the script's name and location...