20 matches found
Drupal Open redirect vulnerability in the drupal_goto function
Open redirect vulnerability in the drupalgoto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter...
GHSA-GXWX-C7M8-F95H Drupal Open redirect vulnerability in the drupal_goto function
Open redirect vulnerability in the drupalgoto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter...
CVE-2016-3167
CVE-2016-3167 concerns Drupal 6.x prior to 6.38 where the open redirect is caused in the core function drupal_goto . When used with PHP before 5.4.7, a double-encoded value in the destination parameter enables remote attackers to redirect users to arbitrary external sites, facilitating phishing-s...
Internet Bug Bounty: Use after free with assign by ref to overloaded objects
Reported: 2015-07-15 16:30 UTC Fixed: 2015-07-21 14:20 UTC Bug Report: https://bugs.php.net/bug.php?id=70083 Fixed in PHP 5.6: http://git.php.net/?p=php-src.git;a=commitdiff;h=f57cb13c566613eec0e1c2f6d96d18565436a9b7 Fixed in 7:...
Ovidentia 7.9.4 - Multiple Vulnerabilities
No description provided by source. ? Ovidentia 7.9.4 Multiple Remote Vulnerabilities Vendor: Cantico Product web page: http://www.ovidentia.org Affected version: 7.9.4 Summary: Ovidentia is both a content management system CMS and a collaborative environment Groupware. Desc: Input passed via...
LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities
No description provided by source. ? LimeSurvey v2.00+ build 131107 Script Insertion And SQL Injection Vulnerability Vendor: LimeSurvey Project Team Product web page: http://www.limesurvey.org Affected version: 2.00+ build 131009 2.00+ build 131022 2.00+ build 131031 2.00+ build 131107 Summary:...
ImpressPages CMS 3.6 - Remote Arbitrary File Deletion Vulnerability
No description provided by source. ? ImpressPages CMS v3.6 Remote Arbitrary File Deletion Vulnerability Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6 Summary: ImpressPages CMS is an open source web content management system with revolutionary drag &...
BoxBilling 3.6.11 - mod_notification Persistent Cross-Site Scripting
BoxBilling 3.6.11 - modnotification Persistent Cross-Site Scripting BoxBilling 3.6.11 modnotification Stored Cross-Site Scripting Vulnerability Vendor: BoxBilling Product web page: http://www.boxbilling.com Affected version: 3.6.11 modnotification 1.0.0 Summary: BoxBilling is a free billing,...
LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities
LimeSurvey 2.00+ build 131107 - Multiple Vulnerabilities LimeSurvey v2.00+ build 131107 Script Insertion And SQL Injection Vulnerability Vendor: LimeSurvey Project Team Product web page: http://www.limesurvey.org Affected version: 2.00+ build 131009 2.00+ build 131022 2.00+ build 131031 2.00+...
Practico 13.9 XSS / CSRF / SQL Injection
Practico 13.9 Multiple Vulnerabilities Vendor: Practico Product web page: http://www.codigoabierto.org Affected version: 13.9 Summary: Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely visual and fast fashion. Without...
Practico 13.9 - Multiple Vulnerabilities
Practico 13.9 - Multiple Vulnerabilities Practico 13.9 Multiple Vulnerabilities Vendor: Practico Product web page: http://www.codigoabierto.org Affected version: 13.9 Summary: Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely...
Practico 13.9 - Multiple Vulnerabilities
Practico 13.9 Multiple Vulnerabilities Vendor: Practico Product web page: http://www.codigoabierto.org Affected version: 13.9 Summary: Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely visual and fast fashion. Without...
ImpressPages CMS 3.6 Arbitrary File Deletion
ImpressPages CMS v3.6 Remote Arbitrary File Deletion Vulnerability Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6 Summary: ImpressPages CMS is an open source web content management system with revolutionary drag & drop interface. Desc: Input passed to...
ImpressPages CMS 3.6 Cross Site Scripting / SQL Injection
ImpressPages CMS v3.6 Multiple XSS/SQLi Vulnerabilities Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6 Summary: ImpressPages CMS is an open source web content management system with revolutionary drag & drop interface. Desc: Input passed via several...
WordPress WooCommerce 2.0.17 Cross Site Scripting
Wordpress WooCommerce Plugin 2.0.17 Cross-Site Scripting Vulnerability Vendor: WooThemes Product web page: http://www.woothemes.com Affected version: 2.0.17 and 2.0.14 Summary: WooCommerce is an open source e-commerce plugin for WordPress. Desc: The plugin suffers from a XSS issue due to a...
Gnew 2013.1 - Multiple Vulnerabilities (1)
Gnew 2013.1 - Multiple Vulnerabilities 1 Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities Vendor: Raoul Proença Product web page: http://www.gnew.fr Affected version: 2013.1 Summary: Gnew is a simple Content Management System written with PHP language and using a database server MySQL,...
Gnew 2013.1 Cross Site Scripting / SQL Injection Vulnerabilities
Gnew 2013.1 suffers from cross site scripting and remote SQL injection vulnerabilities. Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities Vendor: Raoul Proença Product web page: http://www.gnew.fr Affected version: 2013.1 Summary: Gnew is a simple Content Management System written with...
FluxBB 1.5.3 - Multiple Vulnerabilities
Exploit for php platform in category web applications !-- FluxBB 1.5.3 Multiple Remote Vulnerabilities Vendor: FluxBB Product web page: http://www.fluxbb.org Affected version: 1.5.3 Summary: FluxBB is fast, light, user-friendly forum software for your website. Desc: FluxBB suffers from a cross-si...
FluxBB 1.5.3 - Multiple Vulnerabilities
!-- FluxBB 1.5.3 Multiple Remote Vulnerabilities Vendor: FluxBB Product web page: http://www.fluxbb.org Affected version: 1.5.3 Summary: FluxBB is fast, light, user-friendly forum software for your website. Desc: FluxBB suffers from a cross-site scripting, cross-site request forgery and URL...
Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user & dump usertable
Product Name: Vanilla Forums Vulnerable Version: Up to vanilla-core-2-0-18-4 Tested on: Windows Server 2003 Apache 2.4.3 PHP 5.4.7 MySQL 5.5.27 Vulnerability Overview: SQL-Injection is possible, because$POST arrays are not proper sanitized. You do not need to be authenticated. Vulnerability...