18 matches found
EUVD-2008-6995
Malware in sbrugna...
EUVD-2006-2089
Malware in sbrugna...
EUVD-2007-1599
Malware in sbrugna...
EUVD-2006-5928
Malware in sbrugna...
EUVD-2014-8849
Malware in sbrugna...
CVE-2024-39782
Multiple OS command injection vulnerabilities exist in the adm.cgi schreboot functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command...
CVE-2023-48828
Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...
CVE-2022-34972
So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the attvalueid , manuvalueid , optvalueid , and subcatevalueid parameters at /index.php?route=extension/module/sofiltershopby/filterdata...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 go, 2 contactId, or 3 campaignId parameter...
WakaTime: [wakatime.com] HTML Injection github-btn.html
Description === Vulnerable parameter: user Vulnerable script: https://wakatime.com/static/html/github-btn.html Vulnerable code: js var params = function var vars = , hash; var hashes = window.location.href.slicewindow.location.href.indexOf"?" + 1.split"&"; forvar i = 0; i...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnewtemplate parameter to 1 users/profile.php, 2 articles/index.php, or 3 admin/polls.php; 4 categoryid parameter to news/submit.php; newsid parameter to 5...
CVE-2010-1328
Multiple cross-site scripting XSS vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tipo or 2 destino parameter to loginregistrese.php3 in the Services section, 3 the rubro parameter to precios.php3 in the Products section, 4...
Sql injection
Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via 1 the origmsg parameter to account-inbox.php; the categ parameter to 2 delreq.php and 3 admin-delreq.php; 4 the choice parameter to index.php; 5 the id...
Sql injection
Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to 1 hitcounter.asp, 2 userdelete.asp, and 3 userupdate.asp; 4 the userid parameter to adminlogin.asp aka the USERNAME field in admin.asp; and 5 the PassWord paramete...
CVE-2008-3251
Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via 1 the opp parameter to tampereunited/opponent.php; or the id parameter to 2 index.php, 3 player.php, 4 matchdetails.php, or 5 additionalpage.php in tampereunited/...
CVE-2007-3535
Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. dot dot in the 1 FORUMLANGUAGE parameter to functions.php or the 2 style parameter to bottom.php...
CVE-2007-1443
Multiple cross-site scripting XSS vulnerabilities in register.php in Woltlab Burning Board wBB 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the 1 rusername, 2 remail, 3 rpassword, 4 rconfirmpassword, 5 rhomepage, 6 ricq, 7 raim, 8 ryim, ...
CVE-2002-1499
Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via 1 the authornumber parameter in author.asp, 2 the discussblurbid parameter in discuss.asp, 3 the name parameter in holdcomment.asp, and 4 the email parameter in...