Woo Discount Rules < 2.4.2 - Reflected Cross-Site Scripting

The plugin does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=woodiscountrules&name="+style=animation-name:rotation+onanimationstart=alert/XSS///...

Plague News System 0.7 CID Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14137/info Plague News System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script. An attacker may leverag...

Magic Photo Storage Website admin/add_welcome_text.php _config[site_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...

PacPoll 4.0 (poll.mdb/poll97.mdb) Database Disclosure Vulnerability

No description provided by source. -----------------------------OffensiveTrack------------------------------ ---------------------------- Tunisia Muslim ------------------------------ found by : OffensiveTrack Author : AlpHaNiX website : www.offensivetrack.org contact : AlpHaATHACKERDOTBZ script ...

SLAED CMS 'index.php'本地文件包含漏洞

BUGTRAQ ID: 27426 CNCAN ID:CNCAN-2008012406 SLAED CMS是一款基于PHP的WEB应用程序。 SLAED CMS不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 问题是由于'index.php'脚本对用户提交的'newlang'参数处理缺少充分过滤，提交本地系统文件作为包含对象，可导致以WEB权限查看系统文件内容。 SLAED CMS 2.5 Lite 厂商解决方案 目前没有详细解决方案提供： http://www.slaed.net/...

PSlash lvc_include_dir远程文件包含漏洞

PSlash是一款基于PHP的WEB应用程序。 PSlash不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'config.inc.php'脚本对用户提交的'lvcincludedir'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Derek Leung pSlash 0.70 http://www.pslash.com/...