1599 matches found

NVD
added 2015/01/27 8:4 p.m., 22 views

CVE-2015-1372

SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php...

CVSS 7.5, AI score 8.4, EPSS 0.02358
Exploits: 1, References: 5

Prion
added 2015/01/27 8:4 p.m., 21 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page titl...

CVSS 4.3, AI score 6, EPSS 0.03232
Exploits: 1, References: 5, Affected Software: 1

Prion
added 2015/01/27 8:4 p.m., 14 views

SQL injection

SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php...

CVSS 7.5, AI score 9.1, EPSS 0.02358
Exploits: 1, References: 5, Affected Software: 1

CVE
added 2015/01/27 5:0 p.m., 52 views

CVE-2015-1373

The CVE-2015-1373 entry concerns ferretCMS 1.0.4-alpha, where multiple XSS vulnerabilities exist in admin.php. The attacker can inject arbitrary script/HTML through: (1) the action parameter in a search request, (2) the username in a login request that is not properly handled when logging the eve...

CVSS 4.3, AI score 5.8, EPSS 0.03232
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2015/01/27 5:0 p.m., 28 views

CVE-2015-1373

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page titl...

AI score 5.8, EPSS 0.03232
Exploits: 1, References: 5

Patchstack
added 2015/01/27 12:0 a.m., 40 views

WordPress Photo Gallery plugin <= 1.2.100 - SQL Injection

Because of this vulnerability, authenticated users can execute arbitrary SQL commands via "the ascordesc" parameter in the galleriesbwg page to wp-admin/admin.php. Solution: Upgrade the plugin...

CVSS 6.5, AI score 5.8, EPSS 0.01655
Exploits: 3, References: 1, Affected Software: 1

Cvelist
added 2015/01/13 11:0 a.m., 26 views

CVE-2014-10017

Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the uscesitemedit page to wp-admin/admin.php...

AI score 8.6, EPSS 0.02334
Exploits: 1, References: 3

CNVD
added 2015/01/08 12:0 a.m., 3 views

Kajona 'admin.php' Cross-Site Scripting Vulnerability

Kajona is an open source content management framework based on PHP and MySQL, developed by the Kajona team. A cross-site scripting vulnerability exists in Kajona 'admin.php' because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary...

AI score 6.6
Exploits: 0, References: 1

NVD
added 2015/01/02 7:59 p.m., 20 views

CVE-2014-9437

Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via...

CVSS 6.8, AI score 6.7, EPSS 0.01015
Exploits: 1, References: 2

Prion
added 2015/01/02 7:59 p.m., 15 views

Cross site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via...

CVSS 6.8, AI score 7, EPSS 0.01015
Exploits: 1, References: 2, Affected Software: 1

Prion
added 2015/01/02 7:59 p.m., 21 views

SQL injection

Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to...

CVSS 6.5, AI score 8.8, EPSS 0.01123
Exploits: 1, References: 3, Affected Software: 1

Patchstack
added 2014/12/07 12:0 a.m., 24 views

WordPress Shareaholic Plugin <= 7.6.0 - XSS

This vulnerability is in admin.php. It allows authenticated users to inject arbitrary web script or HTML via the "locationid" parameter that is in a shareaholicaddlocation action to wp-admin/admin-ajax.php. Solution: Update the plugin...

CVSS 3.5, AI score 2.6, EPSS 0.03892
Exploits: 5, References: 1, Affected Software: 1

Prion
added 2014/10/22 2:55 p.m., 26 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the polyid parameter in an (1) editpoly, (2) editpolyline, or (3) editmarker action in the wp-google-maps-menu page to...

CVSS 4.3, AI score 6.1, EPSS 0.02461
Exploits: 3, References: 5, Affected Software: 1

Prion
added 2014/10/16 7:55 p.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation pa...

CVSS 4.3, AI score 6.2, EPSS 0.02053
Exploits: 3, References: 4, Affected Software: 1

Cvelist
added 2014/10/16 7:0 p.m., 53 views

CVE-2014-7181

Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation pa...

AI score 5.7, EPSS 0.02053
Exploits: 3, References: 4

NVD
added 2014/10/15 2:55 p.m., 15 views

CVE-2014-8294

Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphpcookie cookie to admin.php or the (2) Username or (3) Password...

CVSS 7.5, AI score 8.5, EPSS 0.01257
Exploits: 0, References: 1

Prion
added 2014/10/14 2:55 p.m., 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php...

CVSS 4.3, AI score 6.3, EPSS 0.02023
Exploits: 1, References: 4, Affected Software: 1

Prion
added 2014/09/22 2:55 p.m., 15 views

SQL injection

SQL injection vulnerability in the editgallery function in admin/galleryfunc.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php...

CVSS 6.5, AI score 8.6, EPSS 0.02357
Exploits: 1, References: 1, Affected Software: 1

WPVulnDB
added 2014/09/19 5:51 a.m., 18 views

HDW Player 2.4.2 - wp-admin/admin.php videos Page id Parameter SQL Injection

The HDW Player Plugin Video Player & Video Gallery WordPress plugin was affected by a wp-admin/admin.php videos Page id Parameter SQL Injection security vulnerability...

CVSS 6.5, AI score 2, EPSS 0.0237
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2014/08/17 6:55 p.m., 15 views

SQL injection

SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS 7.5, AI score 9, EPSS 0.01164
Exploits: 0, References: 2, Affected Software: 1