414 matches found
CS-Cart administration section file upload vulnerability
CS-Cart is a PHP and MySQL based e-commerce software system developed by CS-Cart team. The system supports third-party software extensions, customized promotional strategies, product filtering definitions, etc. The administration section is one of the management components. A file upload...
WordPress Ultimate Instagram Feed Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.Ultimate Instagram Feed plugin is a photo wall plugin used in... A cross-site scripting vulnerability exists i...
Fastspot BigTree 'admin.php' File Denial of Service Vulnerability
Fastspot BigTree is the United States Fastspot company based on PHP and MySQL open source content management system CMS. A security vulnerability exists in the admin.php file in Fastspot BigTree 4.2.18 and earlier versions. A remote attacker can exploit this vulnerability to cause a denial of...
Fastspot BigTree Cross-Site Scripting Vulnerability
Fastspot BigTree is the United States Fastspot company based on PHP and MySQL open source content management system CMS. A cross-site scripting vulnerability exists in the admin.php file in Fastspot BigTree 4.2.18 and earlier versions. A remote attacker can exploit this vulnerability to inject...
ZZCMS V8.0 SQL Injection Vulnerability in Multiple Parameters
ZZCMS is an enterprise website builder. ZZCMS V8.0 suffers from a SQL injection vulnerability, which allows attackers to exploit the vulnerability to obtain sensitive information from the database. The injection parameters include the following: zs/zs.php file 'pxzs' function;...
Quick.Cart 6.6 Cross Site Request Forgery
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Quick.Cart 6.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 09/07/2015 Disclosed to public: 10/07/2015 Release mode...
metinfo(m topology)of the enterprise website management system SQL injection vulnerability-vulnerability warning-the black bar safety net
The vulnerability occurs in the member/getpassword. php with admin/admin/getpassword. php file if$p $array = explode'.', base64decode$p; $sql="SELECT FROM $metadmintable WHERE adminid='".$ array0."'"; $sqlarray = $db-getone$sql; base64decode$pafter the value with explode split and then submitted ...
Fyblogs website management system vulnerability-vulnerability warning-the black bar safety net
Background universal password 'or'='or' The backend file management presence of the bypass. Lead to browse to where the letter information. Information leaked! admin/uploadfile. asp? currentFolder=/upfiles/../ Vulnerability to prove: Google: inurl:type. asp? id=1 News Center Or: inurl:downloadok...
elitecms 1.01 - SQL Injection Cross-Site Scripting
elitecms 1.01 - SQL Injection Cross-Site Scripting eliteCMS 1.01 SQL/XSS Multiple Remote Vulns by xenohive greets to daganarus, dearest of all my friends. SQL injection requires magicquotes = off -/includes/functions.php --------------------------------- 89. function getpagesettings ... 92. $quer...
CVE-2006-4268
CubeCart
INDEXU <= 5.0.1 (admin_template_path) Remote Include Vulnerabilities
No description provided by source. indexu remote file include -------------------------------------------------| Discovered By CrAshoVeRrIdE | Arabian Security Team | -------------------------------------------------| site of script:http://www.nicecoder.com/...
PT-2006-3529 · Nucleus · Nucleus
Name of the Vulnerable Software and Affected Versions: Nucleus versions 3.22 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSDIR LIBS parameter in the nucleus/libs/PLUGINADMIN.php file. Recommendations: For versions 3.22 and earlier...
PT-2005-2754 · Funkyasp · Funkyasp Ad System
Name of the Vulnerable Software and Affected Versions: FunkyASP AD System version 1.1 Description: The issue allows remote attackers to execute arbitrary SQL commands and gain privileges. This is achieved via the password parameter in the admin.asp file. Recommendations: For FunkyASP AD System...
Good Patch to Multiple [XSS] Vulnerabilities in PHP-Nuke 7.4
CODEBUG Labs Patch 1 Title: Multiple XSS Bug in admin.php Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Web: http://www.mantralab.org Register to our site and receive our newsletter! - Patch Apply this code to your admin.php file: if !empty$HTTPGETVARS'admin' die"Shit! Mantra wins ="; i...