25 matches found
EUVD-2018-18118
Malware in sbrugna...
EUVD-2006-1786
Malware in sbrugna...
EUVD-2006-1166
Malware in sbrugna...
PT-2025-6522 · WordPress · S2Member Pro
Name of the Vulnerable Software and Affected Versions: s2Member Pro plugin for WordPress versions up to, and including, 241216 Description: The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input from the s2member pro remote op parameter...
Cross site scripting
Cross Site Scripting XSS in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter...
Racktables 跨站脚本漏洞
Racktables is a data center asset management system. It is used for data center and server room asset management. Racktables suffers from a cross-site scripting vulnerability that originates from cross-site scripting XSS in the redirection module that allows attackers to inject arbitrary web scri...
Easy Hosting Control Panel Cross-Site Scripting Vulnerability (CNVD-2018-12711)
Easy Hosting Control Panel EHCP is an open source hosting control panel that is used to manage domains, emails, ftp users and more. A cross-site scripting vulnerability exists in EHCP version 0.37.12.b. The vulnerability stems from the program failing to properly validate user input. A remote...
CVE-2018-6361
Easy Hosting Control Panel EHCP v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account...
CVE-2018-6361
The CVE-2018-6361 entry affects Easy Hosting Control Panel (EHCP) v0.37.12.b. The connected sources describe a Cross-Site Scripting (XSS) vulnerability triggered through the op parameter, enabling an attacker to add a backdoor FTP account. The underlying issue is inadequate input validation/sanit...
Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-02843)
Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4. A remote attacker can exploit this vulnerability by sending the 'op' parameter to the include\spacecp\spacecpupload.php file to inject arbitrary web script or HTML...
CVE-2018-5376
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpupload.php op parameter...
Design/Logic Flaw
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpupload.php op parameter...
CVE-2018-5376
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpupload.php op parameter...
CVE-2018-5376
CVE-2018-5376 affects Discuz! DiscuzX X3.4, with a cross-site scripting (XSS) vulnerability exploitable via the include/cp/cp_upload.php op parameter. The underlying issue is an input handling flaw in that parameter enabling arbitrary script/HTML injection. CVSS data indicate network access with ...
Code injection
Coursemill Learning Management System LMS 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter...
Jinzora Media Jukebox 2.8 - 'name' Local File Inclusion
:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl Jinzora Media Jukebox = 2.8 Local File Inclusion Vulnerability Script site: http://jinzora.com/ ,...
CVE-2008-2483
Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the op parameter...
CVE-2006-5564
Cross-site scripting XSS vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-1786
Cross-site scripting XSS vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via 1 the actionID parameter in ads-readerext and 2 the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses...
Cross site scripting
Cross-site scripting XSS vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via 1 the actionID parameter in ads-readerext and 2 the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses...