
121 matches found

OSV
added 2018/07/28 11:29 p.m., 4 views

CVE-2018-14685

The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php...

9.8 CVSS, 5.9 AI score, 0.02143 EPSS
Exploits: 1, References: 1

CNVD
added 2018/07/02 12:0 a.m., 2 views

HongCMS Arbitrary Script File Upload Vulnerability

HongCMS is an open source lightweight content management system (CMS). HongCMS 3.0.0 suffers from an arbitrary script file upload vulnerability. An attacker can exploit this vulnerability by uploading arbitrary script files via the admin/index.php/template/upload URI to execute PHP code...

9 CVSS, 7.4 AI score, 0.02204 EPSS
Exploits: 1, References: 1

OSV
added 2018/06/29 5:29 p.m., 4 views

CVE-2018-13021

An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...

7.2 CVSS, 6.1 AI score, 0.02204 EPSS
Exploits: 1, References: 1

OSV
added 2018/04/02 3:29 a.m., 12 views

CVE-2018-9173

Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter...

6.1 CVSS, 6.2 AI score
Exploits: 0, References: 2

CNVD
added 2018/01/29 12:0 a.m., 0 views

Arbitrary File Creation Vulnerability in ourphp v1.8.0

Ourphp is a PHP+MySQL website building system. Ourphp v1.8.0 has an arbitrary file creation vulnerability: an attacker can use the file-creation feature of the back-end online template editor to create a file with any suffix and write a Trojan...

7 AI score
Exploits: 0

CNVD
added 2017/11/03 12:0 a.m., 4 views

Mailing List Manager Pro SQL Injection Vulnerability

Mailing List Manager Pro is an email marketing system. The system features mailing list building, address book editing and autoresponders. A SQL injection vulnerability exists in Mailing List Manager Pro version 3.0. A remote attacker can exploit the vulnerability by sending SQL injection command...

9.8 CVSS, 8.3 AI score, 0.02066 EPSS
Exploits: 4, References: 1

OSV
added 2017/10/29 6:29 a.m., 3 views

CVE-2017-15967

Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template...

9.8 CVSS, 5.8 AI score, 0.02066 EPSS
Exploits: 4, References: 2

Prion
added 2017/10/29 6:29 a.m., 10 views

SQL injection

Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template...

7.5 CVSS, 9.7 AI score, 0.02066 EPSS
Exploits: 4, References: 2, Affected Software: 1

NVD
added 2017/10/29 6:29 a.m., 19 views

CVE-2017-15967

Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template...

9.8 CVSS, 9.8 AI score, 0.02066 EPSS
Exploits: 4, References: 2

Cvelist
added 2017/10/29 6:0 a.m., 17 views

CVE-2017-15967

Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template...

9.8 AI score, 0.02066 EPSS
Exploits: 4, References: 2

Prion
added 2017/04/30 7:59 p.m., 14 views

Cross-site request forgery (CSRF)

Poor cryptographic salt initialization in admin/inc/templatefunctions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce...

6.8 CVSS, 8.8 AI score, 0.01261 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2017/04/18 12:0 a.m., 2 views

Ocean CMS V6.48 File Traversal and Arbitrary File Deletion Vulnerabilities

Ocean Movie System (aka Ocean CMS, seacms) is a PHP movie system. The \admin\admintemplate.php page in Ocean CMS version 6.48 has file traversal and arbitrary file deletion vulnerabilities, allowing attackers to obtain or delete arbitrary files, which can lead to system reinstallation...

7 AI score
Exploits: 0

CNVD
added 2017/03/13 12:0 a.m., 3 views

MaNGOSWebV4 cross-site scripting vulnerability (CNVD-2017-03506)

MaNGOSWeb is a World of Warcraft private server CMS. maNGOSWebV4 is one of the versions. A cross-site scripting vulnerability exists in the inc/admin/templatefiles/admin.fplinks.php page of MaNGOSWebV4. An attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1 CVSS, 6.1 AI score, 0.00624 EPSS
Exploits: 0, References: 1

seebug.org
added 2014/07/01 12:0 a.m., 15 views

INDEXU <= 5.0.1 (admin_template_path) Remote Include Vulnerabilities

No description provided by source...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

AnnonceScriptHP 2.0 Templates/admin.dwt.php email Parameter XSS

No description provided by source. Source: http://www.securityfocus.com/bid/21514/info. AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these...

7.1 AI score
Exploits: 0

Packet Storm
added 2012/06/12 12:0 a.m., 36 views

Et-Chat Shell Upload

In The Name Of God. Et-chat remote file uploader RFU. Exploit Title: Et-chat remote file uploader RFU. Exploit Author: FarbodEZRaeL. Tested on: xp. Mail: [email protected]. Dork: inurl:/styles/admintpl/. Exploit:...

7.4 AI score
Exploits: 0

OpenVAS
added 2010/12/10 12:0 a.m., 11 views

net2ftp 'admin1.template.php' Local and Remote File Include Vulnerabilities

The 'net2ftp' program is prone to a local file-include vulnerability and a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to obtain sensitive information; other attacks are also possible. net2ftp...

0.1 AI score
Exploits: 0, References: 2

Packet Storm
added 2010/01/04 12:0 a.m., 36 views

Joomla Bamboo Simpla Admin Template SQL Injection

In The Name Of Allah The Merciful. Type: Joomla Bamboo Simpla Admin Template suffers from remote SQL injection. Vendor: .joomlabamboo.com. Software: Joomla Bamboo Simpla Admin Template. Author: R3d-D3v!L. Team: ArAB!AN !NFORMAT!ON SeCuR!TY...

0.3 AI score
Exploits: 0

exploitpack
added 2010/01/03 12:0 a.m., 20 views

Joomla! Component Bamboo Simpla Admin Template - SQL Injection

In The Name Of Allah The Merciful. Type: Joomla Bamboo Simpla Admin Template suffers from remote SQL injection. Vendor: .joomlabamboo.com. Software: Joomla Bamboo Simpla Admin Template...

0.1 AI score
Exploits: 0

Exploit DB
added 2010/01/03 12:0 a.m., 53 views

Joomla! Component Bamboo Simpla Admin Template - SQL Injection

In The Name Of Allah The Merciful. Type: Joomla Bamboo Simpla Admin Template suffers from remote SQL injection. Vendor: .joomlabamboo.com. Software: Joomla Bamboo Simpla Admin Template. Author: R3d-D3v!L. Team: ArAB!AN !NFORMAT!ON SeCuR!TY...

7.4 AI score
Exploits: 0