19 matches found
EasyAnswer 1.0.1 Cross Site Request Forgery
Title : EasyAnswer version 1.0.1 CSRF Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 114.0.1 (64-bit) |...
CVE-2021-43484
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request...
Simple Client Management System SQL Injection Vulnerability
Simple Client Management System is a simple client management system by Carlo Montero Personal Developer. A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to a failure to validate the extension of a file...
Cross site request forgery (csrf)
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted newmodulename parameter to backend/addons/ajaxcreate.php. NOTE: this can be exploited via CSRF...
XSS in the latest version of thinksaas
Brief description: XSS in the latest version of thinksaas. Details: Vulnerable file: \app\group\action\create.php case "do": if$TSAPP'options''iscreate' == 0 || $TSUSER'user''isadmin'==1 $groupname = trim$POST'groupname';//no filtering here $groupdesc = tsClean$POST'groupdesc';//filtered by the key function tsClean if$groupname=='' || $groupdesc=='' tsNotice'小组名称和介绍不能为空!'; //filter content...
vCard PRO 3.1 - Cross Site Scripting Vulnerability
No description provided by source. Title : vCard PRO 3.1 Cross Site Scripting Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeri...
vCard PRO 0 create.php card_id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/18699/info VCard PRO is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit...
WordPress Survery And Quiz Tool 1.2.1 Cross Site Scripting
Software: WordPress Survery And Quiz Tool 1.2.1 | Vulnerability: Reflected Cross-site Scripting | Download: http://wordpress.org/extend/plugins/wp-survey-and-quiz-tool/ | Release...
vCard PRO 3.1 Cross Site Scripting Vulnerability
No description provided by source. Title : vCard PRO 3.1 Cross Site Scripting Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeri...
vCard PRO 3.1 - Cross-Site Scripting
Title : vCard PRO 3.1 Cross Site Scripting Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | EDB-ID : 1067...
vcard26-xss.txt
Discovered By : Hasadya Raed Contact : [email protected] Script: vCard 2.6 c2002 Bug in : create.php Exploit : http://www.victim.com/path/create.php?uploaded="alert1; --...
XSS Remote In vCard 2.6 (c)2002
Discovered By : Hasadya Raed Contact : [email protected] Script: vCard 2.6 c2002 Bug in : create.php Exploit : http://www.victim.com/path/create.php?uploaded="alert1;/script -- Get your free email from http://bsdmail.com...
vCard PRO - 'create.php?card_id' SQL Injection
source: https://www.securityfocus.com/bid/18699/info VCard PRO is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromi...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vecto...
CVE-2006-1230
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vecto...
CVE-2006-1230
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vecto...
CVE-2006-1230
CVE-2006-1230 describes multiple cross-site scripting (XSS) flaws in create.php of vCard 2.x, allowing remote injection of arbitrary script/HTML via (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameters. The note indicates the card_id vector was later reported to affect vCard...
CVE-2006-0312
create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1...
Widget Imprint SQL inj. vuln.
Widget Imprint SQL inj. vuln. Vuln. discovered by : r0t Date: 5 dec. 2005 Original advisory: http://pridels.blogspot.com/2005/12/widget-imprint-sql-inj-vuln.html Vendor: http://www.widgetpress.com/products?product=wimprint affected version: 1.0.26 and prior Product Description: Database driven web...