Lucene search
K

414 matches found

CNVD
CNVD
added 2017/11/27 12:0 a.m.61 views

CS-Cart administration section file upload vulnerability

CS-Cart is a PHP and MySQL based e-commerce software system developed by CS-Cart team. The system supports third-party software extensions, customized promotional strategies, product filtering definitions, etc. The administration section is one of the management components. A file upload...

9CVSS7.4AI score0.01938EPSS
Exploits3References1
CNVD
CNVD
added 2017/11/13 12:0 a.m.7 views

WordPress Ultimate Instagram Feed Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.Ultimate Instagram Feed plugin is a photo wall plugin used in... A cross-site scripting vulnerability exists i...

4.8CVSS6AI score0.01028EPSS
Exploits2References1
CNVD
CNVD
added 2017/06/15 12:0 a.m.2 views

Fastspot BigTree 'admin.php' File Denial of Service Vulnerability

Fastspot BigTree is the United States Fastspot company based on PHP and MySQL open source content management system CMS. A security vulnerability exists in the admin.php file in Fastspot BigTree 4.2.18 and earlier versions. A remote attacker can exploit this vulnerability to cause a denial of...

5.7CVSS6.7AI score0.01127EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/15 12:0 a.m.2 views

Fastspot BigTree Cross-Site Scripting Vulnerability

Fastspot BigTree is the United States Fastspot company based on PHP and MySQL open source content management system CMS. A cross-site scripting vulnerability exists in the admin.php file in Fastspot BigTree 4.2.18 and earlier versions. A remote attacker can exploit this vulnerability to inject...

5.4CVSS6.1AI score0.00784EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/09 12:0 a.m.2 views

ZZCMS V8.0 SQL Injection Vulnerability in Multiple Parameters

ZZCMS is an enterprise website builder. ZZCMS V8.0 suffers from a SQL injection vulnerability, which allows attackers to exploit the vulnerability to obtain sensitive information from the database. The injection parameters include the following: zs/zs.php file 'pxzs' function;...

7.6AI score
Exploits0
Packet Storm
Packet Storm
added 2015/11/08 12:0 a.m.19 views

Quick.Cart 6.6 Cross Site Request Forgery

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Quick.Cart 6.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 09/07/2015 Disclosed to public: 10/07/2015 Release mode...

0.5AI score
Exploits0
myhack58
myhack58
added 2013/07/03 12:0 a.m.11 views

metinfo(m topology)of the enterprise website management system SQL injection vulnerability-vulnerability warning-the black bar safety net

The vulnerability occurs in the member/getpassword. php with admin/admin/getpassword. php file if$p $array = explode'.', base64decode$p; $sql="SELECT FROM $metadmintable WHERE adminid='".$ array0."'"; $sqlarray = $db-getone$sql; base64decode$pafter the value with explode split and then submitted ...

8.1AI score
Exploits0
myhack58
myhack58
added 2013/03/14 12:0 a.m.30 views

Fyblogs website management system vulnerability-vulnerability warning-the black bar safety net

Background universal password 'or'='or' The backend file management presence of the bypass. Lead to browse to where the letter information. Information leaked! admin/uploadfile. asp? currentFolder=/upfiles/../ Vulnerability to prove: Google: inurl:type. asp? id=1 News Center Or: inurl:downloadok...

3.4AI score
Exploits0
exploitpack
exploitpack
added 2009/06/01 12:0 a.m.8 views

elitecms 1.01 - SQL Injection Cross-Site Scripting

elitecms 1.01 - SQL Injection Cross-Site Scripting eliteCMS 1.01 SQL/XSS Multiple Remote Vulns by xenohive greets to daganarus, dearest of all my friends. SQL injection requires magicquotes = off -/includes/functions.php --------------------------------- 89. function getpagesettings ... 92. $quer...

0.3AI score
Exploits0
CVE
CVE
added 2006/08/21 9:0 p.m.43 views

CVE-2006-4268

CubeCart

6.8CVSS5.8AI score0.02051EPSS
Exploits1References12Affected Software1
seebug.org
seebug.org
added 2006/06/18 12:0 a.m.30 views

INDEXU <= 5.0.1 (admin_template_path) Remote Include Vulnerabilities

No description provided by source. indexu remote file include -------------------------------------------------| Discovered By CrAshoVeRrIdE | Arabian Security Team | -------------------------------------------------| site of script:http://www.nicecoder.com/...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2006/05/25 12:0 a.m.6 views

PT-2006-3529 · Nucleus · Nucleus

Name of the Vulnerable Software and Affected Versions: Nucleus versions 3.22 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSDIR LIBS parameter in the nucleus/libs/PLUGINADMIN.php file. Recommendations: For versions 3.22 and earlier...

5.1CVSS7.8AI score0.07071EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2005/05/25 12:0 a.m.4 views

PT-2005-2754 · Funkyasp · Funkyasp Ad System

Name of the Vulnerable Software and Affected Versions: FunkyASP AD System version 1.1 Description: The issue allows remote attackers to execute arbitrary SQL commands and gain privileges. This is achieved via the password parameter in the admin.asp file. Recommendations: For FunkyASP AD System...

7.5CVSS8AI score0.01345EPSS
Exploits1References5
securityvulns
securityvulns
added 2004/09/08 12:0 a.m.28 views

Good Patch to Multiple [XSS] Vulnerabilities in PHP-Nuke 7.4

CODEBUG Labs Patch 1 Title: Multiple XSS Bug in admin.php Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Web: http://www.mantralab.org Register to our site and receive our newsletter! - Patch Apply this code to your admin.php file: if !empty$HTTPGETVARS'admin' die"Shit! Mantra wins ="; i...

0.3AI score
Exploits0
Rows per page
Query Builder