83 matches found
CVE-2014-4723
Cross-site scripting XSS vulnerability in the Easy Banners plugin 1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter to wp-admin/options-general.php...
CVE-2014-4717
Multiple cross-site request forgery CSRF vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 ssbasharetext parameter in a save...
Qualiteam X-Cart 3.x general.php perl_binary Parameter Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/9560/info X-Cart has been reported to be prone to an issue that may allow remote attackers to execute arbitrary commands on the affected system. The issue is caused by a failure of the application to sanitize values...
Polaring <= 0.04.03 (general.php) Remote File Include Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '64020' ssvid version = '1.0' author = '皮皮' vulDate = '2006-09-28' createDate = '2015-12-24...
Quick.Cart <= 2.0 (actions_client/gallery.php) Local File Include Exploit
No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...
Simple Share Buttons Adder 4.4 - options-general.php Multiple Admin Actions CSRF
The Simple Share Buttons Adder WordPress plugin was affected by an options-general.php Multiple Admin Actions CSRF security vulnerability...
Cross site scripting
Cross-site scripting XSS vulnerability in the cmstpvadminhead function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cmstpvview parameter to wp-admin/options-general.php...
CVE-2013-1758
Cross-site scripting XSS vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information...
Cross site scripting
Cross-site scripting XSS vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information...
CVE-2013-1758
CVE-2013-1758 affects the Marekkis Watermark WordPress plugin (version 0.9.2) and enables cross-site scripting via the pfad parameter to wp-admin/options-general.php. The flaw is a reflective XSS in the admin path, allowing remote attackers to inject arbitrary script/HTML. Public sources consiste...
CVE-2013-6992
Cross-site request forgery CSRF vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the aafireadco...
WordPress Tweet Blender Plugin <= 4.0.1 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "tbtabindex" parameter to wp-admin/options-general.php. Solution Update the plugin...
WordPress User Photo Plugin <= 0.9.5.1 - XSS
Because of this vulnerability in user-photo.php, attackers can inject arbitrary web script or HTML via the PATHINFO to wp-admin/options-general.php. Solution Update the plugin...
CVE-2008-0205
Multiple cross-site request forgery CSRF vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the 1 mcspoptmsgnoanswer or 2 mcspoptmsgwronganswer parameter to...
Sql injection
SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the pageoptions parameter to 1 options-general.php, 2 options-writing.php, 3 options-reading.php, 4 options-discussion.php, 5 options-privacy.php, 6...
CVE-2007-3138
Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in an sLanguage cookie, which is used to define a value in config/general.php...
QualiteamXCart远程命令执行漏洞
X-Cart是一款基于PHP的电子商务程序。X-Cart没有充分过滤URI的参数值,远程攻击者可以利用这个漏洞以WEB进程权限执行任意命令。问题存在与'admin/general.php'脚本上,由于对perlbinary参数值缺少充分过滤,提交任意SHELL命令,可导致以WEB进程权限在系统上执行任意命令。 Qualiteam X-Cart3.4.3 厂商补丁:Qualiteam --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:http://www.x-cart.com/...
Quick.Cart <= 2.0 (actions_client/gallery.php) Local File Include Exploit
No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...
Quick.Cms.Lite <= 0.3 (Cookie sLanguage) Local File Include Exploit
Exploit for unknown platform in category web applications =================================================================== Quick.Cms.Lite = 0.3 Cookie sLanguage Local File Include Exploit =================================================================== ? print ' ::::::::: :::::::::: ::: :::...
Quick.CMS.Lite 0.3 - Cookie sLanguage Local File Inclusion
DEVIL TEAM IRC: 72.20.18.6:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] cod3d by Kacper -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Greetings DragonHeart and all DEVIL TEAM Patriots : - Leito & Leon TomZen, Gelo, Ramzes, DMX, Ci2u,...