151 matches found
CVE-2021-43683
Pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which contains $_REQUEST['hash'], indicating that user-supplied input is echoed back. This entry concerns the product Pictshare 1.5 and the v...
Similar Posts < 3.1.6 - Admin+ Arbitrary PHP Code Execution
The plugin allows high privilege users to execute arbitrary PHP code in a hardened environment, i.e. with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true, via the 'widgetrrmsimilarpostscondition' widget setting of the plugin. Vendor was notified in July 2021, the issue was...
Arbitrary file deletion
AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site...
CVE-2020-18167
Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu"...
Information disclosure
info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function...
CVE-2020-26150
info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function...
CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding except in Internet...
CVE-2020-15895
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage...
HealthNode Hospital Management System 1.0 SQL Injection
Exploit Title: HealthNode Hospital Management System 1.0 - SQL Injection; Dork: N/A; Date: 2019-01-13; Exploit Author: Ihsan Sencan; Vendor Homepage: http://sunriseservices.biz/; Software Link: https://codecanyon.net/item/healthnode-hospital-management-system/22368747; Version: 1.0; Category: Webapps...
aqtor.co.jp Improper Access Control vulnerability
Open Bug Bounty ID: OBB-673055; Affected Website: aqtor.co.jp; Vulnerable Application: Custom Code; Vulnerability Type: Improper Access Control (IAC) / CWE-284; CVSSv3 Score: 6.5...
canoaclubmilano.it XSS vulnerability
Open Bug Bounty ID: OBB-664246; Affected Website: canoaclubmilano.it; Vulnerable Application: Custom Code; Vulnerability Type: Cross Site Scripting (XSS) / CWE-79; CVSSv3 Score: 6.1...
avanguard.com.tw XSS vulnerability
Open Bug Bounty ID: OBB-648786; Affected Website: avanguard.com.tw; Vulnerable Application: Custom Code; Vulnerability Type: Cross Site Scripting (XSS) / CWE-79; CVSSv3 Score: 6.1...
kingofnewyorkbmx.com XSS vulnerability
Open Bug Bounty ID: OBB-639969; Affected Website: kingofnewyorkbmx.com; Vulnerable Application: Custom Code; Vulnerability Type: Cross Site Scripting (XSS) / CWE-79; CVSSv3 Score: 6.1...
sinoflagcn.com XSS vulnerability
Open Bug Bounty ID: OBB-633342; Affected Website: sinoflagcn.com; Vulnerable Application: Custom Code; Vulnerability Type: Cross Site Scripting (XSS) / CWE-79; CVSSv3 Score: 6.1...
OEcms 3.1 - Cross-Site Scripting
Title: OEcms 3.1 - Cross-Site Scripting; Author: Felipe "Renzi" Gabriel; Date: 2018-06-15; Software: OEcms v3.1; CVE: CVE-2018-12095. Technical Details & Description: A Reflected Cross-Site Scripting web vulnerability has been discovered in the "OEcms v3.1" web-application. The vulnerability is locate...
OEcms 3.1 - Cross-Site Scripting
Title: OEcms 3.1 - Cross-Site Scripting; Author: Felipe "Renzi" Gabriel; Date: 2018-06-15; Software: OEcms v3.1; CVE: CVE-2018-12095. Technical Details & Description: A Reflected Cross-Site Scripting web vulnerability has been discovered in the "OEcms v3.1"...
OECMS Cross-Site Scripting Vulnerability
OEcms is an enterprise content management system (CMS). A cross-site scripting vulnerability exists in the 'mod' parameter of the info.php file in OEcms version 3.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2018-12095
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php...
Cross site scripting
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php...
CVE-2018-12095
OEcms v3.1 is vulnerable to a reflected Cross-Site Scripting flaw in the mod parameter of info.php. The issue arises from improper input handling in the info.php?mod= parameter, enabling attackers to inject arbitrary JavaScript and potentially hijack sessions or access sensitive data. The connect...