Typesetter 跨站脚本漏洞

Typesetter is an open source CMS written in PHP with True WYSIWYG editing and flat file storage. Typesetter suffers from a cross-site scripting vulnerability. The vulnerability can be exploited to conduct cross-site scripting attacks via the className and Description fields in...

note-mark

Note Mark !License: AGPL V3https://img.shields.io/github/li...

CuteNews News.txt writable to world

Date: August 29, 2004 Vender: http://www.cutephp.com/ Program: CuteNews Versions affected: = 1.3.6 Bug: CuteNews News.txt writable to world Type: Author: e0r www: http://www.rootthief.com/ team: !Sui-Generes !Sui Email: homicidal @ gmail . com ----------------------------- Discription: Cute news ...

PHP-Board 1.0 - User Password Disclosure

source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative...