136 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
UBUNTU-CVE-2015-2941
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
CVE-2015-2941
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
CVE-2015-2941
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
CVE-2015-2941
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...
CVE-2015-2941
CVE-2015-2941 affects MediaWiki prior to 1.19.24, 1.2x prior to 1.23.9, and 1.24.x prior to 1.24.2 when HHVM is used. The vulnerability arises from improper handling of a wddx_serialize_value call in api.php for invalid parameters in a wddx format request, which can lead to cross-site scripting v...
UC Gateway Investment SiteEngine 5.0 'api.php' URI Redirection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31888/info SiteEngine is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing-style attacks. SiteEngine 5.0 is...
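Discuz! X2.5 api.php Information Disclosure Vulnerability
Discuz! is a general-purpose community forum software system from China. In the api.php file of Discuz! X2.5, the first parameter of array_key_exists can only be an integer or a string; when ?mod=ks, $mod is of type array, which causes array_key_exists to produce an error message. 0 Discuz! X2.5...
ecshop2.73 api.php: Two Low-Impact Injections
Brief description: null Details: switch $POST'act' case 'searchgoodslist': searchgoodslist; break; case 'searchproductslist': searchproductslist; break; ...... function searchproductslist checkauth; ...... if !empty$POST'goodsid' && isnumeric$POST'goodsid' || !empty$POST'bn' //goodsid is not numeric, bn is not empty. false || false gives false, false || true gives true. $sql =...
Discuz! X2.5 api.php Path Disclosure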
No description provided by source...
PHPCMS V9.17 api/add_favorite.php SQL Injection Vulnerability
$title = urldecode$title; $data = array'title'=$title, 'url'=$url, 'adddate'=SYSTIME, 'userid'=$userid; $favoritedb-insert$data; api.php can only be accessed by registered users, so exploitation requires a registered user who is logged in; the following can then be submitted directly: /api.php?op=addfavorite&url=J&title=%2527%2520and%2520%2528select This is V9, so we first construct the statement: select count,concatselect select selec...
phpcms v9 api.php SQL Injection Vulnerability
No description provided by source...
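MediaWiki api.php Script Information Disclosure Vulnerability
BUGTRAQ ID: 42019 MediaWiki is a well-known wiki program that runs in a PHP+MySQL environment. MediaWiki's api.php script does not correctly enforce Cache-Control headers on cached data; a remote attacker can request confidential data via public cache headers, including article titles and content, the content of deleted articles, user e-mail addresses or watchlists. A successful attack requires that the attacker be able to use the same HTTP proxy server as the victim user. MediaWiki 1.8 - 1.15.4 Vendor patch: MediaWiki --------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...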
UC Gateway Investment SiteEngine 5.0 - api.php Open Redirection
UC Gateway Investment SiteEngine 5.0 - api.php Open Redirection source: https://www.securityfocus.com/bid/31888/info SiteEngine is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing-style...
DEBIAN-CVE-2008-0460
Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via...
CVE-2008-0460
Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via...