CVE-2013-1834

notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified 1 userid or 2 courseid field...

TinyBrowser /tiny_mce/plugins/tinybrowser/edit.php type Parameter XSS

TinyBrowser /tinymce/plugins/tinybrowser/edit.php type Parameter XSS. Webapps exploit for php platform source: http://www.securityfocus.com/bid/57230/info TinyBrowser is prone to multiple vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to...

TinyBrowser - edit.php Directory Listing

TinyBrowser - edit.php Directory Listing source: https://www.securityfocus.com/bid/57230/info TinyBrowser is prone to multiple vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting...

TinyBrowser - 'edit.php' Directory Listing

source: https://www.securityfocus.com/bid/57230/info TinyBrowser is prone to multiple vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

CVE-2012-3872

CVE-2012-3872 affects Open Constructor 3.12.0. The vulnerability is a set of reflected XSS flaws in which user-supplied input can be injected via three parameters: (1) result in data/file/edit.php, (2) q in confirm.php, and (3) keyword in users/users.php. Exploitation would allow remote attackers...

dedecms 5.7 soft-edit.php 代码执行漏洞

No description provided by source...

[waraxe-2012-SA#089] - Multiple Vulnerabilities in TorrentTrader 2.08

waraxe-2012-SA089 - Multiple Vulnerabilities in TorrentTrader 2.08 =============================================================================== Author: Janek Vind "waraxe" Date: 17. September 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-89.html Description of vulnerable...

CVE-2012-4393

Multiple cross-site request forgery CSRF vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use 1 addBookmark.php, 2 delBookmark.php, or 3 editBookmark.php in bookmarks/ajax/; 4 calendar/delete.php, 5 calendar/edit.php...

CVE-2012-1934

Newscoop (Vendor Sourcefabric) is affected by CVE-2012-1934: an SQL injection in admin/country/edit.php through the f_country_code parameter vulnerable in Newscoop versions before 3.5.5 and 4.x before 4 RC4. The underlying issue is unsanitised input used in SQL queries, enabling an attacker to ma...

CVE-2012-2365

Cross-site scripting XSS vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php...

[CVE-2012-1002] OpenConf <= 4.11 (author/edit.php) Blind SQL Injection Vulnerability

-------------------------------------------------------------------- OpenConf = 4.11 author/edit.php Blind SQL Injection Vulnerability -------------------------------------------------------------------- author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom...

CMSmini 0.2.2 Local File Inclusion

Exploit Title: CMSmini 0.2.2 Local File Inclusion Date: 2011.10.20 Author: I2Sec5-BSK Software Link: http://sourceforge.net/projects/cmsmini/ Version: CMSmini 0.2.2 Tested on: Windows XP -------------------------------------------------- /admin/edit.php 30 $name = $GET'name'; 73 $filename =...

CMS mini 0.2.2 - Local File Inclusion

CMS mini 0.2.2 - Local File Inclusion Exploit Title: CMSmini 0.2.2 Local File Inclusion Date: 2011.10.20 Author: I2Sec5-BSK Software Link: http://sourceforge.net/projects/cmsmini/ Version: CMSmini 0.2.2 Tested on: Windows XP -------------------------------------------------- /admin/edit.php 30...

CMS mini 0.2.2 - Local File Inclusion

Exploit Title: CMSmini 0.2.2 Local File Inclusion Date: 2011.10.20 Author: I2Sec5-BSK Software Link: http://sourceforge.net/projects/cmsmini/ Version: CMSmini 0.2.2 Tested on: Windows XP -------------------------------------------------- /admin/edit.php 30 $name = $GET'name'; 73 $filename =...

CMSmini 0.2.2 Local File Inclusion

Exploit for php platform in category web applications Exploit Title: CMSmini 0.2.2 Local File Inclusion Date: 2011.10.20 Author: I2Sec5-BSK Software Link: http://sourceforge.net/projects/cmsmini/ Version: CMSmini 0.2.2 Tested on: Windows XP --------------------------------------------------...

CVE-2011-3371

Multiple cross-site scripting XSS vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the 1 id, 2 formsent, 3 csrftoken, 4 reqconfirm, or 5 delete parameter to delete.php, the 6 id, 7 formsent, 8 csrftoken, 9 reqmessage,...

Toko Lite CMS 1.5.2 - 'edit.php' HTTP Response Splitting

Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web editor and content management system CMS. It is advance...

Toko Lite CMS 1.5.2 HTTP Response Splitting

Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web editor and content management system CMS. It is advance...

Toko Lite CMS 1.5.2 (edit.php) HTTP Response Splitting Vulnerability

Exploit for php platform in category web applications Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web...

encoder 0.4.10 - edit.php Cross-Site Scripting

encoder 0.4.10 - edit.php Cross-Site Scripting source: https://www.securityfocus.com/bid/47755/info encoder is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...