125 matches found
Multiple vulnerabilities in WordPress Plugin "Attendance Manager"
Overview: WordPress Plugin "Attendance Manager" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability (CWE-79) - CVE-2019-5970. Cross-site request forgery vulnerability (CWE-352) - CVE-2019-5971. Natsumi Matsuoka of Cryptography...
CVE-2018-0666
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be...
ASSETBASE vulnerable to cross-site scripting
Overview: ASSETBASE provided by UCHIDA YOKO CO., LTD. is an IT asset management tool. ASSETBASE contains a cross-site scripting vulnerability (CWE-79). Keitaro Yamazaki of Kyoto University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
CSRF vulnerability in the latest version of beecms
beecms is an enterprise website management system based on a PHP+MySQL architecture. The latest version of beecms has a CSRF vulnerability. Because the add-administrator form in the back end is not protected by a token, adminadmin.php, which starts processing the add-administrator request at line 102, failed...
PHP Kobo Photo Gallery CMS for PC/smartphone and feature phone Cross-Site Request Forgery Vulnerability
PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone is a photo gallery content management system (CMS) for PC, smartphone and feature phone from PHP Kobo Japan. A cross-site request forgery vulnerability exists in the admin.php script in PHP Kobo Photo Gallery CMS for PC, smartphone and...
Fastspot BigTree 'admin.php' Script HTML Injection Vulnerability
Fastspot BigTree CMS is an open source content management system (CMS) based on PHP and MySQL, from the United States company Fastspot. An HTML injection vulnerability exists in Fastspot BigTree CMS versions prior to 4.2.3, which stems from the program failing to adequately filter user-submitted input. When...
Multiple Cross-Site Request Forgery Vulnerabilities in osCMax
osCMax is a PHP-based open source e-commerce system/shopping cart application that supports multi-language, SSL-secured transactions, multiple payment methods, regional shipping conversion, printing invoices and more. Multiple cross-site request forgery vulnerabilities exist in versions of osCMax...
Ilch CMS Cross-Site Request Forgery Vulnerability
Ilch CMS is a content management system (CMS) developed by the Ilch team in Germany, which eliminates the need for users to understand programming languages, modules, design, etc. by providing a simple and scalable base system. A cross-site request forgery vulnerability exists in Ilch CMS. A remote...
ZaireWeb Solutions Newsletter ZWS Administrative Interface Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10605/info Newsletter ZWS is reported prone to an administrative interface authentication bypass vulnerability. The vulnerability exists due to a design error in the implementation of the authentication system for the...
FreePBX Framework Module view.functions.php Remote Code Execution
Added: 04/03/2014; CVE: CVE-2014-1903; BID: 65509; OSVDB: 103240. Background: FreePBX is an open source telephony front-end, which has an easy to use graphical user interface that controls and manages Asterisk. Problem: The Framework module of FreePBX is vulnerable to remote code execution as a result ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action...
CVE-2011-4564
The CVE-2011-4564 entry describes a Cross-site Scripting (XSS) vulnerability in the admin script of Active CMS 1.2. The issue allows remote attackers to inject arbitrary web script or HTML by manipulating the mod parameter in a module action. Affected software: Active CMS 1.2 (admin component). U...
CVE-2011-4564
Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action...
Plume vulnerable to cross-site scripting
Overview: Plume contains a cross-site scripting vulnerability. Plume is a content management system (CMS). Plume contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
KaiBB 1.0.2 Cross Site Request Forgery
Vulnerability ID: HTB22793; Reference: http://www.htbridge.ch/advisory/xsrfcsrfinkaibb.html; Product: KaiBB; Vendor: Mi-Dia (http://www.kaibb.co.uk/); Vulnerable Version: 1.0.2 and probably prior versions; Vendor Notification: 13 January 2011; Vulnerability Type: CSRF Cross-Site Request Forgery; Status:...
Blog:CMS 4.2.1e - Multiple Vulnerabilities
Vulnerability ID: HTB22727; Reference: http://www.htbridge.ch/advisory/xsrfcsrfinblogcms.html; Product: BLOG:CMS; Vendor: Radek Hulán (http://blogcms.com/); Vulnerable Version: 4.2.1.e and probably prior versions; Vendor Notification: 30 November 2010; Vulnerability Type: CSRF Cross-Site Request Forgery...
XSRF (CSRF) in CMScout
Vulnerability ID: HTB22719; Reference: http://www.htbridge.ch/advisory/xsrfcsrfincmscout.html; Product: CMScout; Vendor: CMScout Team (http://www.cmscout.co.za/); Vulnerable Version: 2.09 and probably prior versions; Vendor Notification: 25 November 2010; Vulnerability Type: CSRF Cross-Site Request Forge...
CMScout 2.09 - Cross-Site Request Forgery
CMScout 2.09 - Cross-Site Request Forgery. Vulnerability ID: HTB22719; Reference: http://www.htbridge.ch/advisory/xsrfcsrfincmscout.html; Product: CMScout; Vendor: CMScout Team (http://www.cmscout.co.za/); Vulnerable Version: 2.09 and probably prior versions; Vendor Notification: 25 November 2010...
MemHT Portal 4.0.1 Stored Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. MemHT Portal 4.0.1 Stored Cross Site Scripting Vulnerability. Product: MemHT Portal; Vendor: Miltenovik Manojlo...
CVE-2010-2797
Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultcmslang parameter to an admin script, as demonstrated by admin/addbookmark.php, a different...