
64 matches found

CNVD
added 2019/09/09 12:0 a.m. | 1 view

SQL injection vulnerability in the C***_fi*** parameter of aj***.php page in the background of S-CMS government website system.

S-CMS is a content management system (CMS) based on PHP and MySQL. There is a SQL injection vulnerability in the Cfi parameter of the aj.php page in the background of the S-CMS government website building system, which can be exploited by an attacker to obtain sensitive information from the databas...

7.7 AI score
Exploits: 0
OSV
added 2019/08/01 3:15 p.m. | 0 views

CVE-2019-14471

TestLink 1.9.19 has XSS via the error.php message parameter...

6.1 CVSS | 6.3 AI score | 0.00187 EPSS
Exploits: 1 | References: 1
OSV
added 2019/07/19 7:15 a.m. | 0 views

CVE-2019-13978

Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request...

8.8 CVSS | 7.4 AI score
Exploits: 0 | References: 2
CNVD
added 2018/11/14 12:0 a.m. | 2 views

PAYFORT payfort-php-SDK cross-site scripting vulnerability (CNVD-2019-08574)

PayFort is an online payment gateway. payfort-php-SDK is the PayFort payment gateway SDK. A cross-site scripting vulnerability exists in Amazon PAYFORT payfort-php-SDK on 2018-04-26 and earlier versions, which can be exploited by an attacker via the route.php paymentMethod parameter to conduct a...

6.1 CVSS | 6.2 AI score | 0.00328 EPSS
Exploits: 1 | References: 1
OSV
added 2018/09/05 9:29 p.m. | 2 views

CVE-2018-16549

HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter...

5.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1
OSV
added 2018/08/04 1:29 a.m. | 1 view

DEBIAN-CVE-2018-12483

OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscoveranalyser rzo GET parameter is concatenated to a string used in an exec call in the PHP code. Authentication is needed in order to exploit this vulnerabili...

8.8 CVSS | 7.1 AI score | 0.01649 EPSS
Exploits: 1 | References: 1
Exploit DB
added 2018/01/10 12:0 a.m. | 33 views

Muviko 1.1 - SQL Injection

Exploit Title: Muviko 1.1 - Multiple SQL Injection; Exploit Author: Ahmad Mahfouz; Contact: http://twitter.com/eln1x; Date: 09/01/2018; CVE: CVE-2017-17970; Vendor Homepage: https://www.muvikoscript.com; Version: 1.1; Tested on: Mac OS...

9.8 CVSS | 9.7 AI score | 0.02662 EPSS
Exploits: 5
OSV
added 2017/12/13 9:29 a.m. | 3 views

CVE-2017-17579

FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 2
CNVD
added 2017/11/10 12:0 a.m. | 1 view

Multiple cross-site scripting vulnerabilities in LabWiki

LabWiki is a meme plugin. Multiple cross-site scripting vulnerabilities exist in LabWiki 1.1 and earlier versions. A remote attacker can exploit this vulnerability by sending the 'from' parameter to the index.php file or the 'pageno' parameter to the recentchanges.php file to inject arbitrary web...

6.1 CVSS | 6.3 AI score | 0.0033 EPSS
Exploits: 0 | References: 1
OSV
added 2017/09/22 6:29 p.m. | 0 views

CVE-2017-14705

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by...

8.1 CVSS | 5.9 AI score
Exploits: 0 | References: 3
OSV
added 2017/09/12 6:29 p.m. | 0 views

CVE-2017-14345

SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1
Openbugbounty
added 2017/08/13 1:0 p.m. | 9 views

rockradio.de XSS vulnerability

Vulnerable URL: http://rockradio.de/index1.php?namederseite=suche1jetzt=jasucheintabelle=allen%20Daten
Details: Patched: No; Latest check for patch: 11.11.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 533929; VIP website status: No...

6.3 AI score
Exploits: 0
CNVD
added 2015/09/17 12:0 a.m. | 2 views

Joomla! googleSearch (CSE) component cross-site scripting vulnerability

Joomla! is an open source content management system. googleSearch component for Joomla! is a custom search engine component for Joomla! A cross-site scripting vulnerability in googleSearch component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q paramet...

4.3 CVSS | 6 AI score | 0.00225 EPSS
Exploits: 1 | References: 1
CVE
added 2014/07/29 2:0 p.m. | 38 views

CVE-2014-5115

DirPHP 1.0 is affected by an Absolute Path Traversal (Local File Inclusion) via the phpfile parameter to index.php, enabling read access to arbitrary files. Public references (e.g., Exploit-DB, Packet Storm) and OpenVAS describe the issue as a DirPHP LFI vulnerability. The available documents do ...

5 CVSS | 6.8 AI score | 0.06718 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2014/06/02 3:0 p.m. | 22 views

CVE-2013-1412

DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier...

7.4 AI score | 0.851 EPSS
Exploits: 9 | References: 8
RedHat Linux
added 2010/08/20 2:42 a.m. | 2 views

No title provided

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the hostid paramet...

4.3 CVSS | 5.8 AI score | 0.02039 EPSS
Exploits: 0 | References: 3
Prion
added 2007/10/26 6:46 p.m. | 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page tiki-remindpassword.php, (2) IMG tags in wiki pages, and (3) the localphp parameter to...

4.3 CVSS | 6.1 AI score | 0.00246 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2007/10/26 6:0 p.m. | 13 views

CVE-2007-5683

Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page tiki-remindpassword.php, (2) IMG tags in wiki pages, and (3) the localphp parameter to...

5.9 AI score | 0.00246 EPSS
Exploits: 0 | References: 2
xssed
added 2007/10/12 12:0 a.m. | 12 views

Unfixed XSS vulnerability at www.a1webhosting.ph

Security researcher SeeD has submitted on 10/12/2007 a cross-site-scripting (XSS) vulnerability affecting www.a1webhosting.ph, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/12/2007. It is currently...

6.6 AI score
Exploits: 0 | References: 1
xssed
added 2007/08/03 12:0 a.m. | 8 views

Unfixed XSS vulnerability at www.the-combine.net

Security researcher zuppergazi has submitted on 08/03/2007 a cross-site-scripting (XSS) vulnerability affecting www.the-combine.net, which at the time of submission ranked 996301 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/03/2007. It is...

6.6 AI score
Exploits: 0 | References: 1