12 matches found
Code-Projects Pharmacy Management System SQL Injection Vulnerability
Code-Projects Pharmacy Management System is an open source pharmacy management system from Code-Projects. Version 1.0 is affected by a SQL injection vulnerability in the id parameter of /index.php?action=editSalesman that can lead to SQL...
PHPJabbers Make an Offer Widget Cross-Site Scripting Vulnerability
Make An Offer Widget is a simple offer application. PHPJabbers Make an Offer Widget v1.0 is affected by a cross-site scripting vulnerability in the "action" parameter of the index.php file...
CVE-2020-11712
Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...
The vulnerability in the /web/Lib/Action/IndexAction.class.php file of the software controller for D-Link Central WiFi Manager CWM(100) allows a hacker to execute arbitrary code.
The vulnerability of the /web/Lib/Action/IndexAction.class.php component of the software controller for D-Link Central WiFi Manager CWM100 centralized wireless network management system is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow an attacker ...
CollabNet Subversion Edge index local file inclusion
Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "listViewItem" parameter of the "index" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type:...
CollabNet Subversion Edge Management listViewItem LFI
Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "listViewItem" parameter of the "index" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type:...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the db parameter on the login page or (2) the username parameter in a login.index action to index.php and other unspecified parameters...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action...
CVE-2008-3101
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the userpassword parameter in an Authenticate action to th...
CVE-2008-3101
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the userpassword parameter in an Authenticate action to th...
CVE-2007-6461
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action,...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action,...