EUVD-2020-17835

Malware in sbrugna...

EUVD-2016-1975

Malware in sbrugna...

CVE-2016-10984

The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter...

CVE-2024-10290 ZZCMS inc.php information disclosure

A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...

CVE-2024-10290

Summary of details (CVE-2024-10290): The vulnerability affects ZZCMS 2023, specifically an issue in the file path 3/qq-connect2.0/API/com/inc.php. The underlying effect is information disclosure, with the attack described as exploitable remotely. The public release of the exploit is noted in mult...

CVE-2023-36319

File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file...

Unrestricted file upload

File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file...

CVE-2023-36319

File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file...

CVE-2021-40972

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter...

CVE-2021-40973

Removed by vendor...

Directory traversal

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files even though...

CVE-2016-10984

The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter...

CVE-2016-10984

The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter...

Design/Logic Flaw

The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter...

CVE-2016-10984

The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter...

CVE-2016-10984

The EchoSign plugin for WordPress (pre-1.2) is affected by a reflected XSS via the inc.php page parameter. This vulnerability is documented across multiple sources (NVD, Red Hat, CVE lists, WPVulnDB) noting the plugin version constraint and the XSS vector. No exploit or workaround details are pro...

JTBC (PHP) Access Control Error Vulnerability

JTBC PHP is a PHP-based open source content management system CMS. cache management module is one of the cache management module . An access control error vulnerability exists in the cache management module in JTBC PHP version 3.0.1.8. An attacker can exploit this vulnerability to delete any file...

In-link <= 2.3.4 (ADODB_DIR) Remote File Include Vulnerabilities

No description provided by source. ================================================================= in-link =2.3.4 adodb-postgres7.inc.php Remote File Inclusion Exploit ================================================================ Critical Level : Dangerous By Saudi Hackrz...

Family Connection 1.8.2 SQL Injection

Salvatore "drosophila" Fresta + Application: Family Connection + Version: = 1.8.2 + Website: http://www.familycms.com + Bugs: A Blind SQL Injection + Exploitation: Remote + Date: 1 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact: e-mail:...

CVE-2006-4618

PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODBDIR parameter...