75 matches found
ThinkCMF SQL Injection Vulnerability (CNVD-2019-07960)
ThinkCMF is a Chinese content management framework based on PHP+MYSQL. An SQL injection vulnerability exists in the editpost function in NavController.class.php in ThinkCMF X2.2.2, which can be exploited by users with administrator privileges to perform SQL injection attacks via the parentid...
ekobroucek.cz Cross Site Request Forgery vulnerability
Open Bug Bounty ID: OBB-656150

Description | Value
---|---
Affected Website: | ekobroucek.cz
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | CSRF (Cross-Site Request Forgery) / CWE-352
CVSSv3 Score: | 8.8...
rondony.cz Cross Site Request Forgery vulnerability
Open Bug Bounty ID: OBB-655177

Description | Value
---|---
Affected Website: | rondony.cz
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | CSRF (Cross-Site Request Forgery) / CWE-352
CVSSv3 Score: | 8.8...
Bludit Cross-Site Scripting Vulnerability
Bludit is a free, open source, lightweight blog content management system (CMS). The new page, new category and edit post function body message context are among its functional modules. New page is the module for adding a new page. New category is the module for adding a new category. New page is a new page a...
CVE-2017-16636
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via edit...
Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability
Document Title: Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1855
Release Date: 2016-06-05
Vulnerability Laboratory ID (VL-ID): ...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify...
CVE-2014-9438
Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify...
CVE-2011-5106
Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter...
Mingle Forum SQL Injection / Bypass
1. Advisory Information
Title: Multiple Vulnerabilities in Mingle Forum (WordPress Plugin)
Advisory URL: http://www.charleshooper.net/advisories/
Date Published: January 8th, 2011
Vendors Contacted: Paul Carter - Maintainer of plugin.
2. Summary
Mingle...
WordPress Plugin mingle forum 1.0.26 - Multiple Vulnerabilities
1. Advisory Information
Title: Multiple Vulnerabilities in Mingle Forum (WordPress Plugin)
Advisory URL: http://www.charleshooper.net/advisories/
Date Published: January 8th, 2011
Vendors Contacted: Paul Carter - Maintainer of plugin.
2. Summary
Mingle...
DEBIAN-CVE-2008-3747
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie...
CVE-2008-3092
SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors...
DEBIAN-CVE-2007-5710
Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter...
WordPress <= 2.3 - XSS
Because of this vulnerability in wp-admin/edit-post-rows.php, attackers can inject arbitrary web script or HTML via the "posts_columns" array parameter. Solution: Update WordPress...