205 matches found
Online Marriage Registration System SQL Injection Vulnerability
Online Marriage Registration System is a website builder that supports online marriage registration. A SQL injection vulnerability exists in Online Marriage Registration System version 1.0, which stems from a lack of validation of the searchdata parameter of the search.php request against an...
Phpgurukul Online Marriage Registration System SQL Injection Vulnerability
Online Marriage Registration System is a website builder that supports online marriage registration. A SQL injection vulnerability exists in Online Marriage Registration System version 1.0, which stems from a lack of validation of the searchdata parameter of the search.php request against an...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection. A malicious user could inject commands through the data variable. Affected Area: require'../server/getJsonByCurl'mock2easy, function error, stdout if error return res.json500, error; res.jsonJSON.parsestdout; , '',...
UBUNTU-CVE-2018-18836
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...
Webmin Arbitrary Command Execution Vulnerability
Webmin is a set of Web-based system management tools for Unix-like operating systems. A security vulnerability exists in Webmin versions 1.910 and earlier. The vulnerability can be exploited to execute arbitrary commands with root privileges by sending the 'data' parameter to the update.cgi file...
JSmol2WP Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on servers that support PHP and MySQL. JSmol2WP is one of its plugins, used to view 3D chemical structures. A cross-site...
CVE-2018-20462
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter...
CVE-2018-18943
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI...
Remote code execution
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution...
CVE-2018-16147
The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
Cross-site scripting
The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
CVE-2018-16147
Opsview Monitor CVE-2018-16147 is a stored XSS in the data parameter of the /settings/api/router endpoint. Affected versions include Opsview Monitor 5.3 and 5.4 (and 5.2 per CORE-2018-0008) prior to fixes. The vulnerability can allow an attacker to inject JavaScript executed in the context of an ...
CVE-2018-1000042
Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in .inc/callback.php that can result in execution of OS commands. This attack appears to be exploitable via Web reques...
Behavior of VM.xenstore_data
Summary: This article describes the behavior of VM.xenstore_data. This behavior might affect customers who use the xenstore-data parameter of a Virtual Machine (VM), especially those customers who are writing software that interacts with XenServer and uses this parameter. Behavior of VM.xenstore_data: If...
CVE-2017-5962
An issue was discovered in contexts_wurfl for TYPO3 before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "force_ua" HTTP GET parameter passed to the "/contexts_wurfl/Library/wurfl-dbapi-1.4.4.0/check_wurfl.php" URL. An attacker could execute arbitrary HTM...
XXE
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the datatext parameter...
MW6 Technologies Aztec ActiveX (Data param) - Buffer Overflow
No description provided by source. Problem: The Data parameter is subject to a buffer overflow DEFINITELY leading to arbitrary code execution. COM Object - F359732D-D020-40ED-83FF-F381EFE36B54 MW6Aztec Class File...
MW6 Technologies MaxiCode ActiveX (Data param) - Buffer Overflow
No description provided by source. Problem: The Data parameter is subject to a buffer overflow DEFINITELY leading to arbitrary code execution. COM Object - 2355C601-37D1-42B4-BEB1-03C773298DC8 MW6MaxiCode Class File...
MW6 Technologies MaxiCode ActiveX (Data param) - Buffer Overflow
Exploit for Windows platform in category dos / poc. Problem: The Data parameter is subject to a buffer overflow DEFINITELY leading to arbitrary code execution. COM Object - 2355C601-37D1-42B4-BEB1-03C773298DC8...