CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16671 info: name:...

BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting

BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. id: CVE-2018-16139 info: name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting author:...

Fortinet FortiOS - Cross-Site Scripting

Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allows attacker to execute unauthorized malicious script code via the error or message handling parameters. id: CVE-2018-13380 info: name:...

Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion

A directory traversal vulnerability in the Affiliate Datafeeds comdatafeeds component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1979 info: name: Joomla! Component Affiliate Datafeeds 880 - Local Fi...

Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion

A directory traversal vulnerability in the iNetLanka Multiple Map commultimap component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1953 info: name: Joomla! Component iNetLanka Multiple Map 1.0 - Local Fil...

Joomla! Component NoticeBoard 1.3 - Local File Inclusion

A directory traversal vulnerability in the Code-Garage NoticeBoard comnoticeboard component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1658 info: name: Joomla!...

Joomla! Component SmartSite 1.0.0 - Local File Inclusion

A directory traversal vulnerability in the SmartSite comsmartsite component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1657 info: name: Joomla! Component SmartSite 1.0.0 - Local File Inclusion author:...

Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion

A directory traversal vulnerability in the ZiMB Comment comzimbcomment component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1602 info: name: Joomla! Component...

HP System Management Homepage (SMH) v2.x.x.x - Open Redirect

Open redirect vulnerability in red2301.html in HP System Management Homepage SMH 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter. id: CVE-2010-1586 info: name: HP System Management Homepage SMH v2.x.x.x - Open...

Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion

A directory traversal vulnerability in the givesight PowerMail Pro compowermail component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1532 info: name: Joomla!...

Joomla! Component Sweetykeeper 1.5 - Local File Inclusion

A directory traversal vulnerability in the Sweety Keeper comsweetykeeper component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1474 info: name: Joomla! Compone...

Joomla! Component JProject Manager 1.0 - Local File Inclusion

A directory traversal vulnerability in the Ternaria Informatica JProject Manager comjprojectmanager component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1469 inf...

Django - Open Redirect

Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 contains an open redirect vulnerability. If django.middleware.common.CommonMiddleware and APPENDSLASH settings are selected, and if the project has a URL pattern that accepts any path ending in a slash, an attacker can redirect a user to a...

Dolibarr <7.0.2 - Cross-Site Scripting

Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. id: CVE-2018-10095 info: name: Dolibarr 7.0.2 - Cross-Site Scripting author: pikpikcu severity: medium...

D-Link Routers - Local File Inclusion

D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /...

Odoo 8.0/9.0/10.0 - Local File Inclusion

Odoo 8.0, 9.0, and 10.0 are susceptible to local file inclusion via tools.fileopen. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2017-9416 info: name: Odoo 8.0/9.0/10.0 -...

Updater by BestWebSoft < 1.35 - Cross-Site Scripting

The updater plugin before 1.35 for WordPress has multiple XSS issues. id: CVE-2017-18565 info: name: Updater by BestWebSoft 1.35 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The updater plugin before 1.35 for WordPress has multiple XSS issues. impact: | Authenticat...

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...

AvantFAX 3.3.3 - Cross-Site Scripting

AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. id: CVE-2017-18024 info: name: AvantFAX 3.3.3 - Cross-Site Scripting author: pikpikc...

FineCMS <=5.0.10 - Cross-Site Scripting

FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request. id: CVE-2017-11629 info: name: FineCMS =5.0.11 which includes a fix for this vulnerability. reference: -...