136 matches found
CVE-2018-9104
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient...
FineCMS v5.2.0 SQL injection
At line 45 of /finecms/dayrui/controllers/Api.php: $this->template->cron = 0; $_GET['page'] = max(1, (int)$this->input->get('page')); $params = dr_string2array(urldecode($this->input->get('params'))); $params['get'] = @json_decode(urldecode($this->input->get('get')), TRUE); $this->template->assign($params); $name = str_replace(array('\\', '/', '..',...
CVE-2018-6893
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...
CVE-2017-8809
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability...
DEBIAN-CVE-2017-8809
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability...
CVE-2017-13697
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable...
CVE-2017-11629
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request...
Cross site scripting
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request...
CVE-2017-11629
FineCMS
Design/Logic Flaw
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php...
DEBIAN-CVE-2016-6331
ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php...
CVE-2016-6335
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php...
gaivota.org XSS vulnerability
Vulnerable URL: http://gaivota.org/api.php?callback=prompt/OPENBUGBOUNTY/...
imo Cloud Office system /api/Api.php cid parameter SQL injection vulnerability
No description provided by source...
TaoCMS v2.5Beta4 api.php arbitrary code execution vulnerability
No description provided by source...
h5ai < 0.25.0 /server/php/inc/Api.php arbitrary file upload vulnerability
No description provided by source...
PHPCMS V9 /api.php Authkey information disclosure
No description provided by source...