1593 matches found
CVE-2015-4089
The CVE-2015-4089 entries describe multiple CSRF vulnerabilities in the WordPress WP Fastest Cache plugin, specifically in the optionsPageRequest function of admin.php prior to version 0.8.3.5. An attacker can exploit the wpFastestCachePage parameter to invoke (1) saveOption, (2) deleteCache, (3)...
CVE-2015-8353
Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the objectname parameter in a rs-objectroleedit page to wp-admin/admin.php...
Theo CMS 2.0 SQL Injection Vulnerability
Exploit for php platform in category web applications. MGC ALERT 2017-004 - Original release date: July 11, 2017 - Last revised: August 12, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score...
Code injection
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=configupload, and then using user.php/music/add/ to upload the code...
CVE-2017-11756
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=configupload, and then using user.php/music/add/ to upload the code...
Hashtopus SQL Injection Vulnerability
Hashtopus is a cross-platform client-server tool for distributing hash table tasks between multiple computers. A SQL injection vulnerability exists in Hashtopus version 1.5g. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help of the 'format' parameter...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php...
SQL injection
SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php...
CVE-2017-11679
Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action...
CVE-2017-11677
Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action...
CVE-2017-11678
SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php...
CVE-2017-11677
Hashtopus 1.5g is affected by a Cross-Site Scripting (XSS) vulnerability that can be triggered by a crafted query string sent to admin.php, enabling the injection of arbitrary web script or HTML. The root cause is an input handling flaw in the web interface that processes the query string without...
CVE-2017-11678
Hashtopus has a reported SQL injection vulnerability (CVE-2017-11678) affecting version 1.5g. The issue allows an attacker who is authenticated remotely to execute arbitrary SQL commands via the format parameter in admin.php, potentially impacting data confidentiality, integrity, and availability...
CVE-2017-11679
CVE-2017-11679 describes a CSRF in Hashtopus 1.5g where an attacker can trigger actions via the password parameter to admin.php in an a=config action. The connected records confirm the vulnerability exists in Hashtopus 1.5g and identify the vulnerable parameter and endpoint, but they do not provi...
SQL injection
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php...
CVE-2017-9418
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php...