1593 matches found
CVE-2012-6430
The CVE-2012-6430 entry describes a Cross-Site Scripting (XSS) vulnerability in OpenSolution Quick.Cms 5.0 and Quick.Cart 6.0 (and possibly earlier) where unsafely processed data in PATH_INFO to admin.php allows remote attackers to execute arbitrary scripts. The issue originates from insufficient...
Debian: Security Advisory (DSA-2882-1)
The remote host is missing an update for the Debian...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php...
CVE-2013-3728
CVE-2013-3728 affects Kasseler CMS prior to 2 r1232. The connected sources document three vulnerabilities in Kasseler CMS: stored XSS via the cat parameter in admin.php (admin_new_category action), general XSS, and CSRF allowing SQL execution. Specifically, remote authenticated users with categor...
OpenSupports Remote Shell Upload Vulnerability
Sites powered by OpenSupports suffer from a remote shell upload vulnerability. Exploit Title: Open Support Arbitrary Remote File Upload Vulnerabilities Google Dork: allintext: "Power by OpenSupports © 2009 - 2014. All Rights reserved" Date: 02,March 02,2014 Exploit Author: Slotleet Vendor Homepag...
Singapore 0.9.9b / 0.9.10 Cross Site Scripting
Author: TUNISIAN CYBER + Exploit Title: singapore v0.9.9b/0.9.10 admin.php POST Cross Site Scripting Vulnerability + Date: 05-02-2014 + Category: WebApp + Google Dork: : + Tested on: KaliLinux + Vendor: http://sourceforge.net/projects/singapore/ + Friendly Sites: na3il.com,th3-creative.com...
Cross site scripting
Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the groupid parameter in an addforum action to wp-admin/admin.php...
CVE-2012-6625
CVE-2012-6625 affects the ForumPress WP Forum Server plugin for WordPress, specifically the fs-admin/fs-admin.php component. The vulnerability is a SQL injection via the groupid parameter in an editgroup action, exploitable remotely and leading to arbitrary SQL execution. It applies to plugin ver...
CVE-2013-6797
CVE-2013-6797 is a CSRF vulnerability in the WordPress plugin Blue Wrench Video Widget (bluewrench-video-widget.php) prior to version 2.0.0. The issue allows remote attackers to hijack an administrator’s session by crafting requests that embed arbitrary URLs via the bw_url parameter on the bw-vi...
CVE-2013-5977
Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2)...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2)...
destoon b2b system all version SQL injection vulnerability analyses reference exp-vulnerability warning-the black bar safety net
In include/global.func.php, the stripsql function filters the incoming value, but this limit can be bypassed to achieve injection in all versions. function stripsql$string $search =...
destoon full version SQL injection vulnerability-vulnerability warning-the black bar safety net
In include/global.func.php, the stripsql function filters the incoming value, but this limit can be bypassed to achieve injection in all versions. function stripsql$string $search =...
CVE-2013-4626
Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php...
Sharebar <= 1.2.5 - Reflected Cross-Site Scripting (XSS)
sharebar-admin.php page Parameter XSS...
CVE-2013-3262
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter...
CVE-2013-3262
The CVE-2013-3262 entry concerns an XSS vulnerability in the WordPress Download Monitor plugin for admin/admin.php, exploitable via the p parameter. Affected version: Download Monitor before 3.3.6.2. Root cause: improper handling/sanitization of user-supplied input in the p parameter allows remot...
WordPress Download Monitor Plugin <= 3.3.6.1 - XSS #1
Because of this vulnerability in admin/admin.php, attackers can inject arbitrary web script or HTML via the "sort" parameter. Solution: Update the plugin...