348 matches found
CVE-2015-5456
Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions...
CVE-2015-5456
PivotX is affected by CVE-2015-5456: an XSS in the form method (modules/formclass.php) present in PivotX versions before 2.3.11. The vulnerability is triggered via PATH_INFO (related to PHP_SELF) and form actions, allowing remote injection of script/html with no authentication. NVD notes CVSSv2 b...
phpliteadmin 1.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: CSRF & XSS Google Dork: intitle: CSRF & XSS Date: 2015-07-05 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: bitbucket.org/phpliteadmin Software Link: bitbucket.org/phpliteadmin Version: v1...
CVE-2014-8365
Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) email parameter to contact.php or (3) PATH_INFO to setup.php, related to the "PHP_SELF" variable...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) email parameter to contact.php or (3) PATH_INFO to setup.php, related to the "PHP_SELF" variable...
CVE-2014-8365
CVE-2014-8365 affects the Xornic Contact Us component, with XSS weaknesses exploitable via the name or email fields of contact.php or by PATH_INFO to setup.php, related to the PHP_SELF variable. The connected documents confirm this vulnerability class but do not provide product version details, c...
Classic 1.5 - PHP_SELF XSS
The Classic WordPress theme was affected by a PHP_SELF XSS security vulnerability...
CMSEasy latest version (20140718): stored XSS that blindly hits the admin backend
Brief description: A stored XSS can be used to blindly hit the admin backend. Detailed description: /lib/table/stats.php, line 13, getbot function: public static function getbot() { $ServerName = $_SERVER["SERVER_NAME"]; $ServerPort = $_SERVER["SERVER_PORT"]; $ScriptName = $_SERVER["SCRIPT_NAME"]; $QueryString = $_SERVER["QUERY_STRING"]; $serverip = $_SERVER["REMOTE_ADDR"]; $GetLocationURL = self::geturl();...
Type confusion
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process...
UseBB 1.0.7 install/upgrade-0-3.php PHP_SELF Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/24990/info UseBB is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in...
OSSIM 2.2.1 '$_SERVER['PHP_SELF']' Parameter Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/39145/info OSSIM is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
jaf cms 4.0 rc2 - Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22665 Reference: http://www.htbridge.ch/advisory/shellcreatecommandexecutioninjafcms.html Product: JAF CMS Vendor: JAF CMS http://jaf-cms.sourceforge.net/ Vulnerable Version: 4.0 RC2 Vendor Notification: 21 October 2010 Vulnerability Type:...
QuickCms 5.4 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: QuickCms 5.4 Multiple Vulnerabilites Date: 04/08/2014 Author: shpendk Software Link: http://opensolution.org/download,en,18.html?sFile=Quick.Cms/Quick.Cmsv5.4.zip Version: 5.4 Tested on: Xampp on Windows Reflected XSS Vulnerability in Admin Area: Trigger:...
Quick.CMS 5.4 - Multiple Vulnerabilities
Exploit Title: QuickCms 5.4 Multiple Vulnerabilites Date: 04/08/2014 Author: shpendk Software Link: http://opensolution.org/download,en,18.html?sFile=Quick.Cms/Quick.Cmsv5.4.zip Version: 5.4 Tested on: Xampp on Windows Reflected XSS Vulnerability in Admin Area: Trigger:...
QuickCms 5.4 - Multiple Vulnerabilites
Exploit for php platform in category web applications Exploit Title: QuickCms 5.4 Multiple Vulnerabilites Date: 04/08/2014 Author: shpendk Software Link: http://opensolution.org/download,en,18.html?sFile=Quick.Cms/Quick.Cmsv5.4.zip Version: 5.4 Tested on: Xampp on Windows Reflected XSS...
FreePBX 'usersnum' Parameter Remote Command Execution Vulnerability
BUGTRAQ ID: 65756 FreePBX is an open-source web PBX solution. FreePBX 2.x and other versions contain a remote command execution vulnerability in their implementation; an attacker can exploit it to execute arbitrary commands in the context of the affected application. 0 FreePBX FreePBX 2.x The vendor has not yet released a patch or upgrade; we recommend that users of this software watch the vendor's homepage for the latest version: http://freepbx.org/trac Vulnerable function "recordingaddpage" @ admin/modules/recordings/page.recordings.php function...
[SOJOBO-ADV-13-02] - MODx 2.2.10 Reflected Cross Site Scripting
SOJOBO-ADV-13-02 - MODx 2.2.10 Reflected Cross Site Scripting I. Information ================== Name : MODx 2.2.10 Reflected Cross Site Scripting Software : MODx 2.2.10 and possibly below. Vendor Homepage : http://modx.com/ Vulnerability Type : Reflected Cross-Site Scripting Severity : Low 2/5...
ECShop latest version: universal SQL injection in every backend feature block (also applies to all versions)
Brief description: SQL injection in the admin backend; almost every backend feature block can be injected with this method, and once inside the backend it can be used to elevate your own privileges. Of course, needing to "get into the backend" makes this vulnerability fairly weak, you know what I mean~~~ Detailed description: $filter = unserialize(urldecode($_COOKIE['ECSCP']['lastfilter'])); This line is the core. See the urldecode? So %27 or %2527 is all it takes to bypass the addslashes_deep applied to $_COOKIE in init.php~~~ Two places: 1. Order details /admin/order.php // line 158 $filter =...
ArrowChat 1.5.61 Cross Site Scripting / Local File Inclusion
Exploit Title: ArrowChat <= 1.5.61 Multiple vulnerabilities Date: 01/01/2013 Exploit Author: Kallimero Vendor Homepage: http://www.sitexcms.org/ Version: 1.5.61, before, and maybe 1.6 Tested on: Debian Introduction ============ ArrowChat is a chat script, which is able to be integrated in various...