133 matches found
CVE-2018-10222
An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=articlecategory&do=save&frame=iPHP...
CVE-2018-9925
An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request...
SQL Injection Vulnerability in iCMS v7.0.7 keywords.admincp.php Page
iCMS is a free, clean, efficient, and useful PHP content management system. A SQL injection vulnerability exists in the iCMS v7.0.7 keywords.admincp.php page. The vulnerability stems from the orderby parameter being brought into the database for execution without any processing. An attacker can...
SQL Injection Vulnerability in iCMS v7.0.7 admincp.app.php Page
iCMS is a free, clean, efficient, and useful PHP content management system. iCMS v7.0.7 suffers from a SQL injection vulnerability in the admincp.app.php page. The vulnerability stems from the orderby parameter being brought into the database for execution without any processing. An attacker can...
SQL Injection Vulnerability in iCMS v7.0.7 apps.admincp.php Page
iCMS is a free, clean, efficient, and useful PHP content management system. iCMS v7.0.7 has a SQL injection vulnerability in the apps.admincp.php page. The vulnerability stems from the orderby parameter being brought into the database for execution without any processing. An attacker can exploit...
MyBB 1.8.12 Stored XSS / File Enumeration
Discuz! admincp.php CSRF leading to XSS
First, there is a CSRF: url: /admincp.php?action=members&operation=newsletter&username=%2A&uid=0&srchemail=&regdatebefore=&regdateafter=&postshigher=&postslower=&regip=&lastip=&lastvisitafter=&lastvisitbefore=&lastpostafter=&lastpostbefore=&birthyear=&birthmonth=&birthday=&lowercredits=&lowerextcredits1=&lowere...
MvMmall v5.5 SQL injection PHP exp exploit - vulnerability warning - the black bar safety net
Vulnerability type: MvMmall v5.5.1 SQL injection vulnerability. Default admin backend: admincp.php?module=index. Google search: "Powered by MvMmall v5.5.1". 1. Usage: using the PHP exp. (1) Install the PHP environment; phpnow makes this very simple to install. (2) Use the exp to attack. Link: Extract password: aahj The exp...
SQL injection
Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) editblock.php, (2) editcat.php, (3) editnote.php, or (4) rmvtopic.php in admincp/...
CVE-2014-8469
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header...
CVE-2014-8469
CVE-2014-8469 is a stored XSS in PHPFox (Moxi9) before 4 Beta, exploitable via the User-Agent header in AdminCP’s Guests/Boots. The issue arises from manipulating the user_agent field, enabling remote script/html injection. Public records show an exploit exists (PHPFox XSS AdminCP) and the vendor...
PHPFox Cross Site Scripting
CNA primary MITRE Corporation cve-assign \NOSPAM\ mitre \NOSPAM\ org Software Vendors http://moxi9.com/phpfox Product: PhpFox Version: ALL Research Wesley Henrique Leite wesleyhenrique \NOSPAM gmail \NOSPAM// com + INFORMATION Vendor Notified :...
PHPFox - Persistent Cross-Site Scripting
Exploit Title: PHPFox XSS AdminCP Date: 2014-10-22 Exploit Author: Wesley Henrique Leite aka "spyk2r" Vendor Homepage: http://www.moxi9.com Version: All version CVE : CVE-2014-8469 Response Vendor: fixed 2014-10-23 to v4 Beta + DESCRIPTION The system store...
PHPFox - Persistent Cross-Site Scripting
Exploit Title: PHPFox XSS AdminCP Date: 2014-10-22 Exploit Author: Wesley Henrique Leite aka "spyk2r" Vendor Homepage: http://www.moxi9.com Version: All version CVE : CVE-2014-8469 Response Vendor: fixed 2014-10-23 to v4 Beta + DESCRIPTION The system stores all urls accessed in a database table,...
CVE-2014-2021
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...
vBulletin 5.x / 4.x Persistent Cross Site Scripting
CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth. Overview: date : 10/12/2014 cvss : 4.6...
vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API (Authenticated) Persistent Cross-Site Scripting
CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API post-auth. Overview: date : 10/12/2014 cvss : 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P base cwe : 79 vendor : vBulletin...
GameScript 3.0 - SQL Injection Vulnerability
No description provided by source. Exploit: /index.php?action=category&id=-6+union+all+select+1,concatusername,0x3a,password,3+from+users-- Admin page: admincp http://site/index.php?action=category&id=-6+union+all+select+1,concatusername,0x3a,password,3+from+users--...