48 matches found
EUVD-2016-1275
Malware in sbrugna...
EUVD-2006-1766
Malware in sbrugna...
CVE-2024-12843
A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/plugin.php. The manipulation of the argument filter leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclos...
CVE-2024-12843 Emlog Pro plugin.php cross site scripting
CVE-2024-31459 Cacti RCE vulnerability by file include in lib/plugin.php
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the lib/plugin.php file. Combined with SQL injection vulnerabilities, this can lead to remote code execution. There is a file inclusion issue with the apipluginho...
CVE-2020-19028
File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function...
Cross-site request forgery (CSRF)
A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be...
CVE-2012-10012 BestWebSoft Facebook Like Button facebook-button-plugin.php fcbk_bttn_plgn_settings_page cross-site request forgery
Multiple e-plugins - Subscriber+ Privilege Escalation
The plugins, sold by the same developer e-plugins, do not implement any security measures in some AJAX calls. For example, in the file plugin.php, the function ivdirectoriesupdateprofilesetting uses update_user_meta with any data provided by the AJAX call, which can be used to give the logged in...
Emlog Authorization Issues Vulnerabilities
Emlog is a PHP- and MySQL-based CMS builder for personal developers. An authorization issue vulnerability exists in Emlog, which stems from the product's lack of an effective restriction on the admin/plugin.php file deletion feature. An attacker can exploit this vulnerability to delete...
CVE-2020-21014
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php...
Arbitrary file deletion
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php...
CVE-2020-21014
CVE-2020-21014 affects emlog v6.0.0. The vulnerability is an arbitrary file deletion flaw in admin/plugin.php, arising from insufficient access restriction in the plugin deletion logic. Impact stated in sources is the ability to delete arbitrary files on the server. No exploit vectors or exploit ...
Cross-site Scripting (XSS)
ZoneMinder is vulnerable to cross-site scripting. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
Description: GET parameter ?plugin= of plugin.php is vulnerable to reflected cross-site scripting. plugin.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at printf in plugin.php. Proof of Concept: 1. Visit...
CVE-2020-15026
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php...
Directory traversal
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php...