121 matches found
CVE-2018-14685
The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php...
HongCMS Arbitrary Script File Upload Vulnerability
HongCMS is an open source lightweight content management system (CMS). HongCMS 3.0.0 suffers from an arbitrary script file upload vulnerability. An attacker can exploit this vulnerability by uploading arbitrary script files via the admin/index.php/template/upload URI to execute PHP code...
CVE-2018-13021
An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...
CVE-2018-9173
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter...
Arbitrary File Creation Vulnerability in ourphp v1.8.0
Ourphp is a PHP+MySQL website building system. An arbitrary file creation vulnerability exists in ourphp v1.8.0: an attacker can use the file-creation feature built into the online template editor in the admin back end to create a file with any suffix and write a Trojan...
Mailing List Manager Pro SQL Injection Vulnerability
Mailing List Manager Pro is an email marketing system. The system features mailing list building, address book editing and autoresponders. A SQL injection vulnerability exists in Mailing List Manager Pro version 3.0. A remote attacker can exploit the vulnerability by sending SQL injection command...
CVE-2017-15967
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template...
SQL injection
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template...
Cross-site request forgery (CSRF)
Poor cryptographic salt initialization in admin/inc/templatefunctions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce...
Ocean CMS V6.48 File Traversal and Arbitrary File Deletion Vulnerabilities
Ocean Movie System (aka Ocean CMS, seacms) is a PHP movie system. The \admin\admintemplate.php page in Ocean CMS version 6.48 has file traversal and arbitrary file deletion vulnerabilities, which allow attackers to obtain or delete arbitrary files and can lead to system reinstallation...
MaNGOSWebV4 cross-site scripting vulnerability (CNVD-2017-03506)
MaNGOSWeb is a World of Warcraft private server CMS; MaNGOSWebV4 is one of its versions. A cross-site scripting vulnerability exists in the inc/admin/templatefiles/admin.fplinks.php page of MaNGOSWebV4. An attacker can exploit this vulnerability to inject arbitrary web script or HTML...
INDEXU <= 5.0.1 (admin_template_path) Remote Include Vulnerabilities
No description provided by source...
AnnonceScriptHP 2.0 Templates/admin.dwt.php email Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these...
Et-Chat Shell Upload
In the Name of God. Et-chat remote file uploader RFU. Exploit Title: Et-chat remote file uploader RFU. Exploit Author: FarbodEZRaeL. Tested on: xp. Mail: [email protected]. Dork: inurl:/styles/admintpl/ Exploit:...
net2ftp 'admin1.template.php' Local and Remote File Include Vulnerabilities
The 'net2ftp' program is prone to a local file-include vulnerability and a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to obtain sensitive information; other attacks are also possible. net2ftp...
Joomla Bamboo Simpla Admin Template SQL Injection
In The Name Of Allah The Merciful. Type: Joomla Bamboo Simpla Admin Template suffers from REMOTe sql injection. Vendor: .joomlabamboo.com Software: Joomla Bamboo Simpla Admin Template - author: R3d-D3v!L TEAM: ArAB!AN !NFORMAT!ON SeCuR!TY...
Joomla! Component Bamboo Simpla Admin Template - SQL Injection
Joomla! Component Bamboo Simpla Admin Template - SQL Injection. In The Name Of Allah The Merciful. Type: Joomla Bamboo Simpla Admin Template suffers from REMOTe sql injection. Vendor: .joomlabamboo.com Software: Joomla Bamboo Simpla Admin Template ...