14 matches found
EUVD-2008-6088
Malware in sbrugna...
WordPress plugin Ultimate Member cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
CVE-2024-9228
The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9228
Mode C: Details available. The CVE concerns the WordPress plugin Loggedin – Limit Active Logins, affecting all versions up to 1.3.1. The vulnerability is Reflected Cross-Site Scripting caused by insufficient escaping in add_query_arg, exploitable by unauthenticated attackers when the user is shown...
WordPress Loggedin plugin <= 1.3.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Loggedin versions <= 1.3.1...
WordPress Loggedin Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Loggedin; Type: Plugin; Vulnerable versions: <= 1.3.1; Fixed in: 1.3.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9228; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: ab329401c416; Credits: vgo0; Required privilege...
WordPress plugin Loggedin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
Wifi Soft Unibox Administration 3.0 & 3.1 - SQL Injection Vulnerability
Exploit Title: Wifi Soft Unibox Administration 3.0 & 3.1 Login Page - SQL Injection; Google Dork: intext:"Unibox Administration 3.1", intext:"Unibox 3.0"; Exploit Author: Ansh Jain @sudoark; Author Contact: [email protected]; Vendor Homepage: https://www.wifi-soft.com/; Software Link:...
PT-2023-10101 · Teknet · Teknet
Name of the Vulnerable Software and Affected Versions: kirill2485 TekNet (affected versions not specified). Description: A problematic issue was found in the software, allowing for cross-site scripting through the manipulation of the statusentery argument in an unknown function of the file...
FlexCMS 2.5 Blind SQL Injection
FlexCMS. Exploit database separated by exploit type (local, remote, DoS, etc.). Discovered By: Inj3ct0r; Site: Inj3ct0r.com; Support e-mail: submitatinj3ct0r.com ...
Authentication flaw
Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin...
CVE-2008-4622
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1...
Authentication flaw
index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account...
TrueGalerie admin.php loggedin Parameter Admin Authentication Bypass
Binary data 1548.prm...