33 matches found
CVE-2016-10758
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the imagename parameter...
EUVD-2007-6541
Malware in sbrugna...
EUVD-2024-47643
Malicious code in bioql PyPI...
CVE-2024-6571
The Optimize Images ALT Text alt tag & names for SEO using AI plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.1. This is due to the plugin utilizing cocur and not preventing direct access to the generate-default.php file. This makes it possible fo...
Path traversal
A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution...
CVE-2019-18871
The vulnerability CVE-2019-18871 affects Blaauw Remote Kiln Control (v3.00r4) and is a path-traversal flaw in debug.php accessed via default.php. An authenticated attacker can upload arbitrary files, enabling arbitrary remote code execution. Multiple connected sources (Red Hat, CNVD, NVD, CVE lis...
Design/Logic Flaw
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the imagename parameter...
CVE-2019-8435
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header...
CVE-2019-8435
CVE-2019-8435 affects PHPMyWind v5.5, with an XSS vulnerability in admin/default.php exploitable via an HTTP Host header. The connected documents confirm the vulnerability and describe the impact as cross-site scripting, enabling arbitrary script/HTML injection when a crafted Host header is proce...
CVE-2018-19340
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter...
vassar.mi.schoolwebpages.com XSS vulnerability
Open Bug Bounty ID: OBB-323702. Affected Website: vassar.mi.schoolwebpages.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
CIS Manager SQL Injection Vulnerability
CIS Manager is a content management system. CIS Content Management System 2015-Q4 default.php fails to properly handle the TroncoID parameter, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...
Multiple Cross-Site Scripting Vulnerabilities in TTChat
TTChat is a suite of professional video entertainment software from TigerTom.Com in the UK. TTChat 1.0.4 suffers from multiple cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via the username parameter msg parameter to default.php or...
CVE-2011-5297
Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter to default.php or (2) the username parameter to chatform.php...
CVE-2010-5287
CVE-2010-5287: The connected records confirm a SQL injection in Cornerstone Technologies’ webConductor, via default.php and the id parameter, allowing remote command execution. The vulnerability is described consistently across NVD and related records as an input validation flaw leading to arbit...
Solucionweb (default.php) SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: Solucionweb default.php SQL Injection Vulnerability. Date: 06-11-2012. Author: ShinoBi-Dz. Facebook: https://www.facebook.com/shinobi.DZz. Category: webapps. Google dork: "Powered by: Solucionweb.com"...
b2evolution 4.0.5 Remote File Inclusion
Web Professional (default.php) SQL Injection Vulnerability
Exploit for php platform in category web applications. Web Professional default.php SQL Injection Vulnerability...