113 matches found
CVE-2016-1912
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php...
CVE-2014-1836
ImpressCMS 1.3.5 and earlier contain an absolute path traversal in htdocs/libraries/image-editor/image-edit.php via the image_path parameter in a cancel action, enabling remote attackers to delete arbitrary files. This is associated with CVE-2014-1836 and is documented in multiple advisories (GHS...
CVE-2015-3935
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php...
Claroline 1.x RQMKHTML.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17344/info Claroline is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scri...
CVE-2013-2209
The CVE-2013-2209 entry corresponds to a Cross-Site Scripting (XSS) in the auto-complete widget (reviews.js) of Review Board. Affected versions are Review Board 1.6.x prior to 1.6.17 and 1.7.x prior to 1.7.10, where an attacker could inject arbitrary script/HTML via the full name. Public details ...
XAMPP 1.7.3 Cross Site Scripting / File Disclosure
if ($_REQUEST['showcode'] != 1) { echo ''.$TEXT['global-showcode'].''; } else { $file = file_get_contents(basename($_SERVER['PHP_SELF'])); echo "".$TEXT['global-sourcecode'].""; echo ""; echo htmlspecialchars($file); echo ""; } ?> showcode.php relies...
GDL 4.x (node) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. GDL 4.x (node) Remote SQL Injection Vulnerability. Discovered by g4t3w4y transitory only...
CVE-2008-0613
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter...
CVE-2007-2099
CVE-2007-2099 affects OpenConcept Back-End CMS 0.4.7. The vulnerability is a cross-site scripting (XSS) in htdocs/php.php via the page[] parameter, allowing remote attackers to inject arbitrary script/HTML. The CVSSv2 vector (AV:N/AC:M/Au:N/C:P/I:P/A:P) yields a base score of 6.8 (MEDIUM) with ne...
CVE-2007-2097
OpenConcept Back-End CMS 0.4.7 is affected by CVE-2007-2097, a set of PHP remote file inclusion vulnerabilities. The flaw allows an attacker to execute arbitrary PHP code by providing a URL in the includes_path parameter to multiple PHP files in htdocs/site-admin/ (and related files in htdocs/). ...
SAP R/3 Internet Graphics Server directory traversal
Directory traversal on accessing htdocs folder...