295 matches found
CVE-2019-13575
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php...
CVE-2019-13575
The CVE-2019-13575 entry describes a SQL injection in the WordPress plugin Everest Forms (WPEverest) up to version 1.4.9 via includes/evf-entry-functions.php. The underlying issue is improper handling/sanitization of user input that allows remote attackers to execute arbitrary SQL commands, with ...
CVE-2019-7345
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php...
CVE-2019-7337
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...
Cross site scripting
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...
UBUNTU-CVE-2019-7337
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...
CVE-2018-19559
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the referenceid parameter...
WordPress 4.7.x < 4.7.8 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- wp-admin/user-new.php sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access...
WordPress 3.7.x < 3.7.24 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- wp-admin/user-new.php sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access...
WordPress 4.5.x < 4.5.12 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- wp-admin/user-new.php sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access...
WordPress 3.9.x < 3.9.15 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to improper handling of sender email addresses. An...
Remote code execution
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related t...
CVE-2018-10059
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name...
CVE-2018-10060
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php...