CVE-2025-52564

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...

EUVD-2008-6171

Malware in sbrugna...

CVE-2006-4938

help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message...

OIC Exponent CMS 输入验证错误漏洞

OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from OIC, USA. The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. An input validation error vulnerability exists in Exponen...

CVE-2017-12586

SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users...

CVE-2017-12586

The CVE-2017-12586 issue affects SLiMS 8 Akasia up to version 8.3.1. Affected component: admin/help.php URL parameter handling, where a directory traversal flaw allows arbitrary file reading. It can be exploited by remote authenticated librarian users. The connected sources confirm the vulnerabil...

caron.yann.free.fr XSS vulnerability

Vulnerable URL: http://caron.yann.free.fr/algoid/help.php?name==referenceEN Details: Description| Value ---|--- Patched:| Yes, at 09.04.2017 Latest check for patch:| 09.04.2017 13:06 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...

ridefox.com XSS vulnerability

Vulnerable URL: http://www.ridefox.com/help.php?m=bike1%22--%3E%3C/script%3E%3Csvg/onload=%27;alert%28/OPENBUGBOUNTY/%29;%27%3E=bchelp Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank...

WordPress Tidio Gallery Plugin <= 1.1 - Cross Site Scripting (XSS)

This vulnerability is in the php code /tidio-gallery/popup-insert-help.php. Solution Update the plugin...

Mallbuilder help.php 文件 type 参数SQL注入漏洞

0x01漏洞简介 Mallbuilder文件help.php对type参数过滤不严，导致出现SQL注入漏洞。 0x02漏洞详情 首先来看看全局文件 function magic if!getmagicquotesgpc&&isset$POST foreach$POST as $key=$v if!isarray$v $POST$key=addslashes$v; else foreach$v as $skey=$sv if!isarray$sv $POST$key$skey=addslashes$sv; else if$sssv foreach$sv as $sskey=$ssv...

clickoff.goodbyegraffiti.com XSS vulnerability

Vulnerable URL: http://clickoff.goodbyegraffiti.com/help/help.php?pagetitle=...

Moodle Help Script 1.x Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10718/info It is reported that Moodle is susceptible to a cross-site scripting vulnerability in the 'help.php' script. This issue is due to a failure of the application to properly sanitize user-supplied input prior to...

ZZ FlashChat <= 3.1 - (help.php) Local File Inclusion Vulnerability

No description provided by source. Title : ZZ:FlashChat Local File Inclusion Vulnerability Source : http://download.zehnet.de/index.php Author : d3hydr8 Homepage : http://www.darkc0de.com Vuln: : /chat/admin/inc/help.php?file=LFI milw0rm.com 2007-10-19...

Vikingboard Viking board 0.1b help.php act Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/19916/info Vikingboard is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to steal cookie-based...

Moodle 1.1/1.2 Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10251/info It has been reported that Moodle is susceptible to a cross-site scripting vulnerability in the 'help.php' script. This issue is due to a failure of the application to properly sanitize user-supplied input prior...

TrustPort WebFilter help.php hf Parameter Directory Traversal

The TrustPort WebFilter administration console install listening on this port fails to sanitize user input to the 'hf' parameter of the 'help.php' script before using it to return the contents of a file. An unauthenticated, remote attacker can leverage this issue to view arbitrary files on the...

Trustport Webfilter 5.5.0.2232 - Directory Traversal Vulnerability

Exploit for windows platform in category web applications Trustport Webfilter Remote File Access Vulnerability ==================================================== Affected Product ---------------- Product Name: Trustport Webfilter Product Version: 5.5.0.2232 Platform: Microsoft Windows...

CVE-2011-5190

Multiple cross-site scripting XSS vulnerabilities in Social Book Facebook Clone 2010 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO parameter to 1 signup.php, 2 lostpass.php, 3 login.php, 4 index.php, 5 helptos.php, 6 helpcontact.php, or 7 help.php...

Cyclope Employee Surveillance Solution Local File Inclusion Vulnerability

This host is running Cyclope Employee Surveillance Solution and is prone to local file inclusion vulnerability. OpenVAS Vulnerability Test $Id: gbcyclopeemployeesurveillancelfivuln.nasl 7577 2017-10-26 10:41:56Z cfischer $ Cyclope Employee Surveillance Solution Local File Inclusion Vulnerability...

CVE-2010-4693

Multiple cross-site scripting XSS vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 h and 2 t parameters to help.php, or 3 picfileXXX parameter to searchnew.php...