
1593 matches found

CNVD
added 2015/03/26 12:0 a.m., 1 views

WordPress Plugin Google Analytics by Yoast 'class-admin.php' HTML Injection Vulnerability

WordPress is a blogging platform developed in PHP; users can set up their own weblog on a server that supports PHP and a MySQL database. An HTML injection vulnerability exists in the WordPress plugin Google Analytics by Yoast 'class-admin.php'. An attacker can exploit the vulnerability to execute...

7.4 AI score
Exploits: 0, References: 1
Exploit DB
added 2015/03/16 12:0 a.m., 51 views

Smart PHP Poll - Authentication Bypass

Exploit Title: Smart PHP Poll Auth Bypass Vulnerability Google Dork: Copyright © Smart PHP Poll. All Rights Reserved. Exploit Author: Mr.tro0oqy from Yemen Email : [email protected] Download Script :http://www.scriptsez.net/download/download.php?action=download&p=smartphppoll.zip&ns=1 go to...

7.4 AI score
Exploits: 0
Prion
added 2015/02/25 10:59 p.m., 14 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the imagefile parameter in an edit action in the...

6.8 CVSS, 6.8 AI score, 0.00676 EPSS
Exploits: 1, References: 5, Affected Software: 1
CVE
added 2015/02/25 10:0 p.m., 35 views

CVE-2015-2083

CVE-2015-2083 describes a Cross-site Request Forgery (CSRF) in Ilch CMS. An attacker can exploit requests to admin.php with a profilefields action to add a value to a profile field, potentially hijacking an administrator’s session/authentication. The vulnerability is documented across multiple so...

6.8 CVSS, 7.2 AI score, 0.00118 EPSS
Exploits: 1, References: 2, Affected Software: 1
CNVD
added 2015/02/21 12:0 a.m., 1 views

Piwigo 'admin.php' SQL Injection Vulnerability

Piwigo is a photo album system built on MySQL 5 and PHP 5. Piwigo 'admin.php' has a SQL injection vulnerability that allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...

6 CVSS, 8.1 AI score, 0.01034 EPSS
Exploits: 4, References: 1
CNVD
added 2015/02/21 12:0 a.m., 1 views

Piwigo 'admin.php' Cross-Site Scripting Vulnerability

Piwigo is a photo album script written in PHP. A cross-site scripting vulnerability exists in versions of Piwigo prior to 2.7.4, which allows attackers to launch cross-site scripting attacks...

4.3 CVSS, 6.2 AI score, 0.0062 EPSS
Exploits: 1, References: 1
Prion
added 2015/02/20 4:59 p.m., 11 views

Sql injection

SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filterlevel parameter in a "Refresh photo set" action in the batchmanager page to admin.php...

6 CVSS, 8.4 AI score, 0.01034 EPSS
Exploits: 4, References: 5, Affected Software: 1
Prion
added 2015/02/20 4:59 p.m., 10 views

Sql injection

SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php...

6.5 CVSS, 9 AI score, 0.00613 EPSS
Exploits: 1, References: 7, Affected Software: 1
Prion
added 2015/02/20 4:59 p.m., 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php...

4.3 CVSS, 6.1 AI score, 0.0062 EPSS
Exploits: 1, References: 7, Affected Software: 1
Cvelist
added 2015/02/20 4:0 p.m., 24 views

CVE-2015-1517

SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filterlevel parameter in a "Refresh photo set" action in the batchmanager page to admin.php...

7.7 AI score, 0.01034 EPSS
Exploits: 4, References: 5
CVE
added 2015/02/20 4:0 p.m., 40 views

CVE-2015-2034

Affected software: Piwigo (PHP photo gallery script). Vulnerability: Cross-site scripting (XSS) in the administrative backend. Component/entry point: admin.php via the page parameter. Versions affected: Piwigo before 2.7.4. Root cause/impact: Allows remote attackers to inject arbitrary web script...

4.3 CVSS, 5.8 AI score, 0.0062 EPSS
Exploits: 1, References: 7, Affected Software: 1
Cvelist
added 2015/02/02 3:0 p.m., 22 views

CVE-2015-1385

Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmincategoryfeeds.php page to...

5.7 AI score, 0.00633 EPSS
Exploits: 3, References: 6
NVD
added 2015/01/27 8:4 p.m., 10 views

CVE-2015-1374

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks...

6.8 CVSS, 7.4 AI score, 0.01645 EPSS
Exploits: 1, References: 2
NVD
added 2015/01/27 8:4 p.m., 11 views

CVE-2015-1373

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page titl...

4.3 CVSS, 5.8 AI score, 0.07235 EPSS
Exploits: 1, References: 5
NVD
added 2015/01/27 8:4 p.m., 13 views

CVE-2015-1372

SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php...

7.5 CVSS, 8.4 AI score, 0.01845 EPSS
Exploits: 1, References: 5
Prion
added 2015/01/27 8:4 p.m., 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page titl...

4.3 CVSS, 6 AI score, 0.07235 EPSS
Exploits: 1, References: 5, Affected Software: 1
Prion
added 2015/01/27 8:4 p.m., 10 views

Sql injection

SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php...

7.5 CVSS, 9.1 AI score, 0.01845 EPSS
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2015/01/27 5:0 p.m., 16 views

CVE-2015-1373

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page titl...

5.8 AI score, 0.07235 EPSS
Exploits: 1, References: 5
CVE
added 2015/01/27 5:0 p.m., 49 views

CVE-2015-1373

The CVE-2015-1373 entry concerns ferretCMS 1.0.4-alpha, where multiple XSS vulnerabilities exist in admin.php. The attacker can inject arbitrary script/HTML through: (1) the action parameter in a search request, (2) the username in a login request that is not properly handled when logging the eve...

4.3 CVSS, 5.8 AI score, 0.07235 EPSS
Exploits: 1, References: 5, Affected Software: 1
Patchstack
added 2015/01/27 12:0 a.m., 36 views

WordPress Photo Gallery plugin <= 1.2.100 - SQL Injection

Because of this vulnerability, authenticated users can execute arbitrary SQL commands via the "ascordesc" parameter in the galleriesbwg page to wp-admin/admin.php. Solution: Upgrade the plugin...

6.5 CVSS, 5.8 AI score, 0.00318 EPSS
Exploits: 3, References: 1, Affected Software: 1