CVE-2017-12655

Cross-Site Scripting XSS exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action...

Cross site scripting

Cross-Site Scripting XSS exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action...

CVE-2017-12655

NexusPHP 1.5 is affected by a Cross-Site Scripting (XSS) vulnerability in log.php, dailylog action, exploitable via the query parameter. The vulnerability allows injection of Web script/HTML and, per CVE data, has PII-impacting integrity (I) but no confidentiality or availability impacts reported...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in 1 revision.php, 2 log.php, 3 listing.php, and 4 comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a a file or b directory in a repository...

CVE-2016-2511

Cross-site scripting XSS vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php...

Cross site scripting

Cross-site scripting XSS vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php...

CVE-2016-2511

CVE-2016-2511 is a cross-site scripting (XSS) vulnerability affecting WebSVN 2.3.3 and earlier, exploitable via the path parameter to log.php. Public documents corroborate affected versions and provide concrete fixes in vendor advisories: Fedora updates (e.g., FEDORA-2016-657 and FEDORA-2016-1153...

CVE-2016-2511

Cross-site scripting XSS vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php...

WebSVN 2.3.3 log.php文件path参数 跨站脚本漏洞

No description provided by source...

V-webmail 1.6.4 includes/pear/Log.php CONFIG[pear_dir] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues can allow an attacker to compromise the application and t...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by 1 log.php or 2 logerror.php, a different vulnerability than CVE-2007-6459...

Remote file inclusion

PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha 0.2.0 allows remote attackers to include and execute arbitrary files via unspecified vectors. NOTE: the original disclosure is likely erroneous...

CVE-2007-5258

PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha 0.2.0 allows remote attackers to include and execute arbitrary files via unspecified vectors. NOTE: the original disclosure is likely erroneous...

CVE-2007-5258

CVE-2007-5258 affects phpFreeLog v0.2.0 (log.php) with a remote file inclusion vulnerability that allows an attacker to include and execute arbitrary files via unspecified vectors. The underlying cause is not detailed in the provided sources beyond RFI in log.php. No concrete exploitation details...

CVE-2007-5258

PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha 0.2.0 allows remote attackers to include and execute arbitrary files via unspecified vectors. NOTE: the original disclosure is likely erroneous...

Campsite 2.6.1 - Log.php?g_documentRoot Remote File Inclusion

Campsite 2.6.1 - Log.php?gdocumentRoot Remote File Inclusion source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the 1 From, 2 To, 3 Call-ID, 4 User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by...

Remote Code Execution in artmedic Newsletter 4.1 [log.php]

I found a bug in artmedic Newsletter 4.1 proably even in newer versions which lets an attacker run arbitrary php-code and bypass the password protection. The reason for this is mistake in design. log.php: ?php $time = time; $date = date"d.m.Y, H:i:s"; $remote = getenv"REMOTEADDR"; $ip =...

CVE-2004-2028

CVE-2004-2028 describes a cross-site scripting (XSS) vulnerability in the PHP component used by the e107 CMS, specifically in the stats.php module. The flaw allows remote attackers to inject arbitrary web script or HTML by manipulating the referer parameter sent to log.php. Affected software is e...

CVE-2004-2028

Cross-site scripting XSS vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php...