9 matches found
EUVD-2014-4917
Malware in sbrugna...
CVE-2014-5018
Incomplete blacklist vulnerability in the autoEscape function in commonhelper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting XSS attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume...
PT-2023-16691 · WordPress · Intuitive Custom Post Order
Name of the Vulnerable Software and Affected Versions: Intuitive Custom Post Order plugin for WordPress versions up to, and including, 3.1.3 Description: The issue arises from insufficient escaping on the user-supplied objects and tags parameters and a lack of sufficient preparation in the update...
CVE-2017-11174
In install/pagedbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...
CVE-2014-5018
Incomplete blacklist vulnerability in the autoEscape function in commonhelper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting XSS attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume...
Cross site scripting
Incomplete blacklist vulnerability in the autoEscape function in commonhelper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting XSS attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume...
CVE-2014-5018
Incomplete blacklist vulnerability in the autoEscape function in commonhelper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting XSS attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume...
CVE-2014-5018
CVE-2014-5018 affects LimeSurvey 2.05+ Build 140618, where an incomplete blacklist in the autoEscape function of common_helper.php can allow remote XSS via the GBK charset in the loadname parameter of index.php, related to the survey resume. The connected Red Hat and CVE records confirm the vulne...
phpcms2008 & phpcms2007 GBK版ask/search_ajax.php SQL注射漏洞
PHPCMS 是国内领先的网站管理系统,同时也是一个开源的PHP开发框架 漏洞文件:ask/searchajax.php code: ?php require './include/common.inc.php'; requireonce MODROOT.'include/ask.class.php'; $ask = new ask; header'Content-type: text/html; charset=utf-8'; ifstrtolowerCHARSET != 'utf-8' $q = iconvCHARSET, 'utf-8', $q; if$q $where = "...