1593 matches found

CVE
added 2012/02/21 12:00 a.m., 35 views

CVE-2012-1227

The CVE-2012-1227 entry describes CSRF vulnerabilities in pluck 4.7 (admin.php) that could allow an attacker to hijack admin sessions by performing actions such as (1) changing the admin email address, (2) changing the blog title via a settings action, (3) adding a page via editpage, or (4) addin...

CVSS 6.8, AI score 7.4, EPSS 0.00132
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2012/02/20 8:00 p.m., 50 views

CVE-2012-1216

PBBoard 2.1.4 and likely earlier versions have multiple vulnerabilities tied to CVE-2012-1216: a CSRF flaw in admin.php that can hijack administrator sessions to perform actions (e.g., file upload via add action or file content modification via edit action), and it is linked to other issues (CVE-...

CVSS 6.8, AI score 7.1, EPSS 0.00164
Exploits: 5, References: 2, Affected Software: 1
Exploit DB
added 2011/12/11 12:00 a.m., 268 views

Xoops 2.5.4 - Blind SQL Injection

------------------------------------------ Xoops 2.5.4 Blind SQL Injection ------------------------------------------ Dork: "Powered by XOOPS 2.5.4" Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail: blkhtc0rpatyahoodotcom Tested on: Freebsd 8 and Debian...

AI score 7.4
Exploits: 0
NVD
added 2011/11/28 9:55 p.m., 15 views

CVE-2011-4561

Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information...

CVSS 4.3, AI score 5.7, EPSS 0.00431
Exploits: 1, References: 5
Prion
added 2011/11/28 9:55 p.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information...

CVSS 4.3, AI score 6.2, EPSS 0.00431
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2011/11/28 9:00 p.m., 12 views

CVE-2011-4561

Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information...

AI score 5.7, EPSS 0.00431
Exploits: 1, References: 5
CVE
added 2011/11/28 9:00 p.m., 44 views

CVE-2011-4561

Phorum 5.2.18 is vulnerable to a cross-site scripting (XSS) flaw in admin.php, exploitable by remote attackers via PATH_INFO to admin/index.php. The issue affects Phorum’s admin interface and can allow injection of arbitrary web script or HTML. Multiple sources (NVD/OpenVAS) confirm the vulnerabi...

CVSS 4.3, AI score 5.9, EPSS 0.00431
Exploits: 1, References: 5, Affected Software: 1
NVD
added 2011/11/23 1:55 a.m., 10 views

CVE-2010-5046

Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter...

CVSS 4.3, AI score 5.7, EPSS 0.06301
Exploits: 0, References: 7
Prion
added 2011/11/23 1:55 a.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter...

CVSS 4.3, AI score 6.1, EPSS 0.06301
Exploits: 0, References: 7
CVE
added 2011/11/23 1:00 a.m., 42 views

CVE-2010-5046

CVE-2010-5046 is a cross-site scripting (XSS) flaw in ecoCMS: the admin.php script, which is vulnerable via the p parameter, allows remote attackers to inject arbitrary script/HTML. The vulnerability affects the ecoCMS admin page and can be triggered by crafting requests to admin.php?p=…; exploitation details ...

CVSS 4.3, AI score 5.9, EPSS 0.06301
Exploits: 0, References: 7, Affected Software: 1
htbridge
added 2011/10/12 12:00 a.m., 24 views

Multiple vulnerabilities in Efront

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Efront, which can be exploited to perform SQL injection and cross-site scripting attacks. 1 Cross-Site scripting XSS vulnerabilities in Efront 1.1 Input passed via the "course" GET parameter to index.php is not...

CVSS 7.5, AI score 7.6
Exploits: 0, Affected Software: 1
seebug.org
added 2011/08/28 12:00 a.m., 18 views

WordPress Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability Date: 2011-08-26 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/super-capcha.2.2.4.zip Version: 2.2.4 tested...

AI score 7.1
Exploits: 0
Packet Storm
added 2011/07/25 12:00 a.m., 17 views

Online Grades Project Team 3.2.5 Cross Site Scripting

Online Grades 3.2.5 Multiple XSS Vulnerabilities Vendor: Online Grades Project Team Product web page: http://www.onlinegrades.org Affected version: 3.2.5 Summary: Online Grades is the leading free-software project that allows K-12+ student grades attendance information to be posted onto a dynamic...

AI score 0.1
Exploits: 0
NVD
added 2011/06/21 2:52 a.m., 10 views

CVE-2011-1480

SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter...

CVSS 7.5, AI score 8.4, EPSS 0.0036
Exploits: 1, References: 3
Prion
added 2011/06/21 2:52 a.m., 10 views

Sql injection

SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter...

CVSS 7.5, AI score 9, EPSS 0.0036
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2011/06/21 1:00 a.m., 59 views

CVE-2011-1480

CVE-2011-1480 affects PHP-Nuke (admin.php) in the admin backend of PHP-Nuke 8.0 and earlier. The vulnerability is an SQL injection via the chng_uid parameter, allowing remote attackers to execute arbitrary SQL commands. The available connected documents confirm the affected software/version range...

CVSS 7.5, AI score 8.7, EPSS 0.0036
Exploits: 1, References: 3, Affected Software: 1
Exploit DB
added 2011/05/19 12:00 a.m., 25 views

LimeSurvey 1.85+ - 'admin.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47931/info LimeSurvey is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...

AI score 7.4
Exploits: 0
0day.today
added 2011/04/27 12:00 a.m., 36 views

Quick CMS v3.0 Cross Site Request Forgery (Add Admin User)

Exploit for php platform in category web applications + Exploit Title: Quick CMS v3.0 Cross Site Request Forgery Add Admin User + Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + Category : Web Apps XSRF + Dork : intext:"Quick.Cms v3.0" inurl:admin.php + Demo CMS Link:...

AI score 7.1
Exploits: 0
Packet Storm
added 2011/04/10 12:00 a.m., 30 views

NooMS CMS 1.1.1 Cross Site Request Forgery

NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this morning so figured I'd try to see how fast it would take me ...

AI score 0.9
Exploits: 0
Packet Storm
added 2011/04/07 12:00 a.m., 32 views

Viscacha 0.8.1 XSS / SQL Injection / Path Disclosure

================================== Vulnerability ID: HTB22921 Reference: http://www.htbridge.ch/advisory/sqlinjectioninviscacha.html Product: Viscacha Vendor: MaMo Net http://www.viscacha.org Vulnerable Version: 0.8.1 Vendor Notification: 24 March 2011 Vulnerability Type: SQL Injection Risk level...

AI score 0.8
Exploits: 0