1599 matches found
POLLSolved 1.5.2 SQL Injection / Authentication Bypass
Exploit Title: POLLSolved Authentication Bypass; Exploit Author: Persian Hack Team; Vendor Homepage: http://www.usolved.net/; Google Dork: intitle:POLLSolved; Date: 2015/11/12; Version: v1.5.2; PoC: To bypass the login page enter '=' 'or' for username and password input. Login And Add Your Poll D:...
Quick.Cart 6.6 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Quick.Cart 6.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/07/2015 Disclosed to public: 10/07/2015 Release mode:...
mcGallery 'lang' Parameter Multiple Cross Site Scripting Vulnerabilities
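Background: PhpForums.net mcGallery is a website image-management script. Type: XSS. Impact: Arbitrary web script or HTML can be injected. Analysis: PhpForums.net mcGallery 1.1 contains multiple cross-site scripting vulnerabilities. Remote attackers can inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, (7) show.php...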
Nibbleblog 4.0.3 admin.php CSRF
No description provided by source. this." document.getElementById"myForm".submit;...
WDS CMS /wds_news/article.php SQL Injection
Exploit : http:// Target/wdsnews/article.php?ID=-1+union+select+1,groupconcatusername,0x3a,password,3,4,5,6,7,8,9,10+from+cmsadmin-- Upload Shell : http://Target/wdsnews/admin.php?mode=listfile Shell Path : http://Target/wdsnews/filer/shell.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 (Free) and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php...
CVE-2015-2982
Summary (CVE-2015-2982) : The PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone (Free) versions 1.0.1 and earlier is affected by a cross-site scripting (XSS) vulnerability in the jquery.lightbox-0.5.min.js path, caused by inadequate input filtering in admin.php. A remote authenticat...
CVE-2015-2982
Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 (Free) and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php...
Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site scripting
Overview: Photo Gallery CMS for PC, smartphone and feature phone (Free) provided by PHP Kobo contains a cross-site scripting (CWE-79) vulnerability in admin.php. Yuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
WordPress Unite Gallery Lite Plugin 1.4.6 - Multiple Vulnerabilities
WordPress Unite Gallery Lite plugin version 1.4.6 suffers from cross site request forgery and remote SQL injection vulnerabilities. Title: Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 Submitter: Nitin Venkatesh Product: Unite Gallery Lit...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the uscesreferer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php,...
CVE-2015-2973
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the uscesreferer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php,...
Welcart vulnerable to SQL injection
Overview: Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a SQL injection (CWE-89) vulnerability due to the processing of changeSort parameter in admin.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#92828286: Welcart vulnerable to SQL injection
Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a SQL injection (CWE-89) vulnerability due to the processing of changeSort parameter in admin.php. Impact: An attacker that can log in to WordPress with this plugin enabled may obtain or alter...
JVN#97971874: Welcart vulnerable to cross-site scripting
Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting (CWE-79) vulnerability due to the processing of uscesreferer parameter in admin.php. Impact: If a user views a malicious page while logged into WordPress with this plugin...
CVE-2015-4063
Cross-site scripting (XSS) vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nspsearch page to wp-admin/admin.php...
WordPress LeagueManager Plugin <= 3.7 - Cross Site Scripting
This plugin is prone to a wp-admin/admin.php multiple parameter cross site scripting vulnerability. Solution: Update the plugin...
WordPress Download Manager Plugin <= 2.2.2 - XSS
This plugin is prone to an admin.php cid parameter cross site scripting vulnerability. Solution: Update the plugin...
Directory traversal
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcpboxpath parameter in the checkouteditorsettings page to...
CVE-2014-9311
CVE-2014-9311 affects the WordPress Shareaholic plugin prior to version 7.6.1.0. The vulnerability is a cross-site scripting (XSS) flaw in admin.php where authenticated users can inject arbitrary script/HTML via the location[id] parameter in the shareaholic_add_location action to wp-admin/admin-a...