Lucene search

1593 matches found

seebug.org
added 2014/07/01 12:0 a.m., 11 views

Phorum 5.1.20 admin.php Groups Module group_id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 21 views

REvolution <= 10.02 CSRF (Cross-Site Request Forgery)

No description provided by source. Vulnerability ID: HTB22367 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinnpdsrevolution.html Product: NPDS REvolution Vendor: NPDS Vulnerable Version: REvolution 10.02 and Probably Prior Versions Vendor Notification: 06 May 2010 Vulnerability Type: CSRF...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 8 views

PBBoard 2.1.4 - Local File Inclusion

No description provided by source. Exploit Title: PBBoard 2.1.4 Local File Inclusion Software Link: http://www.pbboard.com/PBBoardv2.1.4.zip Author: n4ss1m Date: 25-05-2012 Tested on: win/linux Home : www.Sec4ever.com Exploit-DB note: Need to be logged in, at the very least, as a standard user to...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 14 views

LokiCMS <= 0.3.3 - Remote Command Execution Exploit

No description provided by source. Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS = 0.3.3 Site: lokicms.com Bug: PHP Code Injection Exploit: Remote Command Execution Vuln Code: admin.php if $GET'default' != '' // User want's to set the default page writeconfig$cpassword,...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 13 views

eTicket 1.5.5.2 admin.php CSRF

No description provided by source. source: http://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

MD News 1 Admin.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17394/info MD News is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow a...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

b2evolution 3.3.3 Cross Site Request Forgery [CSRF]

No description provided by source. Exploit Title: b2evolution 3.3.3 Cross site request forgery Date: 05/07/2010 & 23/07/1431 H Author: saudi0hacker Software Link: http://b2evolution.net/downloads/index.html...

7.1 AI score
Exploits: 0
NVD
added 2014/06/11 2:55 p.m., 11 views

CVE-2014-4036

Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action...

4.3 CVSS, 5.6 AI score, 0.00225 EPSS
Exploits: 1, References: 1
0day.today
added 2014/05/29 12:0 a.m., 21 views

AllMyVisitors 0.5.0 Insecure Cookie Handling Vulnerability

Exploit for php platform in category web applications ----------exploit Debut Insecure Cookie Handling Vulnerability ----------Script Info Author : JIKO ----------Script Info Site : http://www.voice-of-web.de/c-AllMyVisitors-s29.html Version : 0.4.1 Download :...

7.1 AI score
Exploits: 0
UbuntuCve
added 2014/05/15 2:55 p.m., 22 views

CVE-2014-3247

Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php...

4.3 CVSS, 6 AI score, 0.0133 EPSS
Exploits: 5, References: 2
Prion
added 2014/05/15 2:55 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php...

4.3 CVSS, 5.7 AI score, 0.0133 EPSS
Exploits: 5, References: 2, Affected Software: 1
CVE
added 2014/05/15 2:0 p.m., 50 views

CVE-2014-3247

Collabtive 1.2 contains a Stored XSS in the Add Project (admin.php?action=addpro) path. The desc parameter value is copied into the HTML document as plain text between tags, allowing arbitrary JavaScript execution. Affected product/version: Collabtive 1.12; fixed in version 2.0. Impact: authentic...

4.3 CVSS, 5.3 AI score, 0.0133 EPSS
Exploits: 5, References: 2, Affected Software: 1
Packet Storm
added 2014/04/09 12:0 a.m., 25 views

QuickCms 5.4 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: QuickCms 5.4 Multiple Vulnerabilities Date: 04/08/2014 Author: shpendk Software Link: http://opensolution.org/download,en,18.html?sFile=Quick.Cms/Quick.Cmsv5.4.zip Version: 5.4 Tested on: Xampp on Windows Reflected XSS Vulnerability in Admin Area: Trigger:...

0.3 AI score
Exploits: 0
CVE
added 2014/04/02 3:0 p.m., 53 views

CVE-2013-2945

CVE-2013-2945 is a SQL injection vulnerability in blogs/admin.php of b2evolution before 4.1.7. The flaw enables remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter; note that this can be leveraged with CSRF to allow remote unauthenticated attack...

6.5 CVSS, 8.1 AI score, 0.00774 EPSS
Exploits: 5, References: 7, Affected Software: 1
UbuntuCve
added 2014/03/25 4:55 p.m., 21 views

CVE-2013-5951

Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copymove.php, (4) functions.php, (5) header.php, or (6)...

2.6 CVSS, 5.9 AI score, 0.0032 EPSS
Exploits: 3, References: 2
Prion
added 2014/03/25 4:55 p.m., 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copymove.php, (4) functions.php, (5) header.php, or (6)...

2.6 CVSS, 6 AI score, 0.0032 EPSS
Exploits: 3, References: 5, Affected Software: 1
NVD
added 2014/03/24 4:43 p.m., 11 views

CVE-2012-6430

Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...

4.3 CVSS, 5.6 AI score, 0.10931 EPSS
Exploits: 3, References: 8
Prion
added 2014/03/24 4:43 p.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...

4.3 CVSS, 6 AI score, 0.10931 EPSS
Exploits: 4, References: 8, Affected Software: 2
ATTACKERKB
added 2014/03/24 4:43 p.m., 2 views

CVE-2012-6430

Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...

4.3 CVSS, 5.6 AI score, 0.10931 EPSS
Exploits: 4, References: 9
Cvelist
added 2014/03/24 2:0 p.m., 18 views

CVE-2012-6430

Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...

5.6 AI score, 0.10931 EPSS
Exploits: 3, References: 8