245 matches found
SQL injection
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jakdeletelog or (2) ssp parameter to admin/index.php...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to commentspaginate.php or (2) storespaginate.php or the (3) affiliateurl, (4) description, (5) domain, (6)...
CVE-2011-5316
Cross-site request forgery (CSRF) vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
CVE-2011-5315
Cross-site request forgery (CSRF) vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
CVE-2011-5316
The CVE-2011-5316 entry concerns a CSRF flaw in the Cambio 0.5a nightly r37 release, specifically affecting the admin/index.php handler. The underlying issue allows an attacker to hijack an administrator’s session and perform credential-changing actions via a seemingly legitimate user-initiated r...
CVE-2014-9241
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a doeditsig action to usercp.php, or (3) title parameter in the...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a doeditsig action to usercp.php, or (3) title parameter in the...
KDPics 1.18 'admin/index.php' Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38603/info KDPics is prone to a vulnerability that lets an attacker add an administrative user because it fails to adequately secure access to administrative functionality. This may allow the attacker to compromise the...
BrudaNews <= 1.1 (admin/index.php) Remote File Include Vulnerability
No description provided by source. BrudaNews = v1.1 o Remote File Inclusion Exploit. Critical Level :...
VietPHP admin/index.php language Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/25226/info VietPHP is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
PHPFaber TopSites 3 Admin/Index.PHP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23419/info TopSites is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable...
Allomani Super Multimedia Library 2.5.0 - CSRF Vulnerability (Add Admin)
No description provided by source. Super Multimedia Library 2.5.0 XSRF Vulnerability (Add Admin). Author: AtT4CKxT3rR0r1ST. Script: http://allomani.com/en/mediascript.html Exploit: form method=POST...
Azeno CMS SQL Injection Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = 'SSV-67893' vul ID version = '1' author = 'hzr' vulDate = '2010-03-13' createDate =...
RedBLoG 0.5 admin/index.php root_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/20115/info The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
Back-End CMS 0.4.5 admin/index.php includes_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/20207/info Back-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary...
couponPHP CMS 1.0 Multiple Stored XSS and SQL Injection Vulnerabilities
Summary: couponPHP is a revolutionary content management system for running Coupon and Deal websites. It is feature rich, powerful, beautifully designed and fully automatic. Description: couponPHP is vulnerable to multiple Stored XSS and SQL Injection issues. Input passed via the parameters...
CVE-2012-6631
Cross-site request forgery (CSRF) vulnerability in accounts/admin/index.php in Vessio NetBill 1.2 allows remote attackers to hijack the authentication of administrators for requests that add accounts via a new-client action...
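SQL injection vulnerability in 易思 ESPCMS, with detailed analysis and PoC code
Brief description: A beginner who has just started learning code auditing. Detailed description: In the file /interface/forummain.php, $userid enters the SQL statement unfiltered. Lines 17 to 32: function inlist parent::startpagetemplate; parent::memberpurview0, $this-mlink'orderlist'; includeonce adminROOT . 'public/classpagebotton.php'; $lng = adminLNG == 'big5' ? $this-CON'islancode' : adminLNG; $page =...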
SQL injection
SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field...