OpenDocMan 1.2.5 admin.php last_message Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...

Invision Power Services Invision Board 2.1 admin.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/15344/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issu...

NPDS 4.8 /5.0 admin.php language Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. This may...

e107 website system 0.7.5 admin.php Query String (PATH_INFO) Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may levearge this issue to have arbitrary script code execute in the...

Phorum 5.1.20 admin.php modsettings Module smiley_id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...

OFFL <= 0.2.6 (teams.php fflteam) Remote SQL Injection Vulnerability

No description provided by source. -+================================================================================+- -+ OFFL = 0.2.6 Remote SQL Injection Vulnerability +- -+================================================================================+- Discovered By: t0pP8uZz Discovered On:...

Xoops 2.0.18 modules/system/admin.php fct Parameter Traversal Local File Inclusion

No description provided by source...

eTicket 1.5.5.2 admin.php CSRF

No description provided by source. source: http://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site...

PHPNuke 6.x Category Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9630/info It has been reported that PHPNuke may prone to a SQL injection vulnerability, due to insufficient sanitization user-supplied input. The problem is reported to exist in the $category variable contained within the...

flashlight free edition (lfi/sql) Multiple Vulnerabilities

No description provided by source. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Flashlight Free Edition - LFI/SQL Multiple Remote Vul XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX RATM: All hell can't stop us now! XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX...

Aperto Blog 0.1.1 - Local File Inclusion / SQL Injection Vulnerabilities

No description provided by source. =========================================================================================================== o Aperto Blog 0.1.1 Local File Inclusion and SQL Injection Vulnerabilities Software : Aperto Blog version 0.1.1 Vendor :...

Easynews <= 4.4.1 (admin.php) Authentication Bypass Vulnerability

No description provided by source. +------------------------------------------------------------------------------------------- + Easynews = 4.4.1 admin.php Authentication Bypass Vulnerability +------------------------------------------------------------------------------------------- + Affected...

eTicket 1.5.5.2 admin.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site...

CVE-2014-4036

Cross-site scripting XSS vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action...

AllMyVisitors 0.5.0 Insecure Cookie Handling Vulnerability

Exploit for php platform in category web applications ----------exploit Debut Insecure Cookie Handling Vulnerability ----------Script Info Author : JIKO ----------Script Info Site : http://www.voice-of-web.de/c-AllMyVisitors-s29.html Version : 0.4.1 Download :...

CVE-2014-3247

Cross-site scripting XSS vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project addpro action to admin.php...

Cross site scripting

Cross-site scripting XSS vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project addpro action to admin.php...

CVE-2014-3247

Collabtive 1.2 contains a Stored XSS in the Add Project (admin.php?action=addpro) path. The desc parameter value is copied into the HTML document as plain text between tags, allowing arbitrary JavaScript execution. Affected product/version: Collabtive 1.12; fixed in version 2.0. Impact: authentic...

QuickCms 5.4 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: QuickCms 5.4 Multiple Vulnerabilites Date: 04/08/2014 Author: shpendk Software Link: http://opensolution.org/download,en,18.html?sFile=Quick.Cms/Quick.Cmsv5.4.zip Version: 5.4 Tested on: Xampp on Windows Reflected XSS Vulnerability in Admin Area: Trigger:...

CVE-2013-2945

CVE-2013-2945 is a SQL injection vulnerability in blogs/admin.php of b2evolution before 4.1.7. The flaw enables remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter; note that this can be leveraged with CSRF to allow remote unauthenticated attack...