Contact List < 2.9.42 - Reflected Cross-Site Scripting

The plugin does not escape the cardheight parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/edit.php?posttype=contact&page=contact-list-printable&cardheight="alert/XSS/...

innoEDIT 'innoedit.cgi'远程命令执行漏洞

Bugtraq ID:66367 innoEDIT是一款基于WEB的应用。 innoEDIT 'innoedit.cgi'不正确处理提交给'download'参数的数据，允许远程攻击者利用漏洞提交特殊shell元字符，可以WEB权限执行任意命令。 0 innoEDIT 6.2 目前没有详细解决方案提供： http://www.inno.com.mx/innoedit.htm http://www.mtyjet.com/innoedit/innoedit.cgi?download=;id|...

GLUCONE - SQL Injection Vulnerability

Exploit for php platform in category web applications -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x...

South River Technologies WebDrive 9.02 build 2232 - Local Privilege Escalation

South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges by Nine:Situations:Group::bellick site: http://retrogod.altervista.org/ Software site: http://www.webdrive.com/ Download location: http://www.webdrive.com/download/index.html Tested against: South Rive...