62 matches found
WordPress Storage XSS Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Plugin v2.0, which can be exploited by an attacker to...
The vulnerability of the WAGO Ethernet controller, related to deficiencies in authentication procedures, allows a perpetrator to alter certain special parameters without being authenticated.
The vulnerability of the WAGO Ethernet controller is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to modify certain special parameters without being authenticated...
Logic flaw vulnerability in yunyecms (CNVD-2020-10010)
yunyecms is a website building system that focuses on enterprise website construction. yunyecms has a logic flaw vulnerability that attackers can use to modify the price parameters at will...
Information Disclosure
WordPress is vulnerable to Information Disclosure. The vulnerability exists in the wp_prepare_attachment_for_js function in media.php where a remote attacker can modify the parameter authorname as part of a request to /wp-json/oembed/1.0/embed?url which would lead to path disclosure...
CVE-2018-12317
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter...
CVE-2017-1785
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859...
FIYO CMS elevation of privilege vulnerability (CNVD-2017-04336)
Fiyo CMS is a content management system (CMS) for creating CMS templates. An elevation of privilege vulnerability exists in FIYO CMS version 2.0.6.1. An attacker can exploit the vulnerability to gain privileges by modifying parameters...
CVE-2017-5142
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management...
CVE-2016-0894
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter...
CVE-2011-3645
Newgen OmniDocs vulnerability CVE-2011-3645 exists in the Omnidocs web interface. Multiple parameter manipulations enable unauthorized privilege escalation and bypass of access controls: modifying FolderRights in doccab/doclist.jsp can grant arbitrary permissions (including rights to add/delete f...
Authentication flaw
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter...
CVE-2008-6765
CVE-2008-6765 affects ViArt Shop (aka Shopping Cart) 3.5. The vulnerability allows remote attackers to access the contents of an arbitrary shopping cart by supplying a modified cart_name parameter. The available documents do not specify impacted versions beyond 3.5, nor a concrete root cause or r...
CVE-2005-0677
CVE-2005-0677 affects Zorum 3.5 where the file index.php allows remote attackers to perform certain actions as other users by modifying the id parameter. The underlying issue is parameter manipulation that enables privilege escalation within the application, leading to actions executed with anoth...
CVE-2004-1510
WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) viewentry.php or (2) upcoming.php...
CVE-2004-0671
Brightmail Spamfilter 6.0 and earlier beta releases allows remote attackers to read mail from other users by modifying the id parameter in a viewMsgDetails.do request...
CVE-2003-0320
header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcmsuseradmin parameter to "1" and modifying the adminroot parameter to point to a URL that contains a Trojan horse header.inc.php script...
CVE-2002-2398
The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter...
CVE-2002-0751
CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters...
CVE-2002-0773
imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath...
CVE-2002-0773
The CVE-2002-0773 entry describes a vulnerability in imp_rootdir.asp for Hosting Controller that enables remote attackers to copy or delete arbitrary files and directories by issuing a direct request to imp_rootdir.asp and altering parameters (1) ftp, (2) owwwPath, and (3) oftpPath. Affected sof...