Lucene search
K

967 matches found

WPVulnDB
WPVulnDB
added 2015/04/23 12:0 a.m.14 views

Ultimate Product Catalogue <= 3.1.2 - Unauthenticated SQL Injection

Unauthenticated SQL injection in ajax call when the plugin is counting the times a product is being seen by the web visitors. The vulnerable POST parameter is "ItemID". Vulnerable code: In file Functions/ProcessAjax.php line 67: ... $ItemID = $POST'ItemID'; $Item = $wpdb-getrow"SELECT ItemViews...

2.2AI score
Exploits0References1Affected Software1
CNVD
CNVD
added 2015/04/17 12:0 a.m.3 views

WordPress Plugin MiwoFTP CSRF Arbitrary File Deletion Vulnerability

WordPress is a blogging platform developed using the PHP language, users can set up their own weblogs on servers that support PHP and MySQL databases.MiwoFTP is a smart, fast, lightweight file manager plugin. WordPress plugin MiwoFTP CSRF has a security vulnerability. Due to the input passed to t...

6.7AI score
Exploits0References1
CNVD
CNVD
added 2015/04/16 12:0 a.m.1 views

OrangeHRM /index.php/recruitment/viewCandidates sortField SQL Injection Vulnerability

OrangeHRM is an open source human resource management tools , features include employee data management , employee self-service system , attendance , allowances and recruitment and other functions . OrangeHRM /index.php/recruitment/viewCandidates fails to properly filter the 'sortField' POST...

7.6AI score
Exploits0References1
htbridge
htbridge
added 2015/04/08 12:0 a.m.512 views

Multiple Vulnerabilities in TheCartPress WordPress plugin

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in TheCartPress WordPress plugin, which can be exploited to execute arbitrary PHP code, disclose sensitive data, and perform Cross-Site Scripting attacks against users of WordPress installations with the vulnerable plugin....

7.6CVSS1.3AI score0.21841EPSS
Exploits8Affected Software1
exploitpack
exploitpack
added 2015/04/08 12:0 a.m.20 views

Balero CMS 0.7.2 - Multiple JSHTML Injection Vulnerabilities

Balero CMS 0.7.2 - Multiple JSHTML Injection Vulnerabilities document.cookie="counter=1confirm'XSS'; path=/balerocms/"; csrf+stored xss+filter bypass+session hijack: document.location="http://www.zeroscience.mk/pent...

0.6AI score
Exploits0
WPVulnDB
WPVulnDB
added 2015/03/04 12:0 a.m.11 views

Plugin Info Card <= 2.3.6 - Authenticated XSS

Authenticated XSS via wppic-list POST parameter in the wppicwidgetrender AJAX method which is also lacking CSRF and authorisation checks, even in the fixed version...

5.3AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2015/01/15 3:0 p.m.25 views

CVE-2014-9561

Cross-site scripting XSS vulnerability in redirlastpostlist.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter...

5.7AI score0.01936EPSS
Exploits1References4
seebug.org
seebug.org
added 2015/01/07 12:0 a.m.41 views

PHPB2B某处sql注入#2

简要描述: PHPB2B某处sql注入2 详细说明: PHPB2B某处sql注入 官网下载的最新版本 绕过全局防注入。 我们先看看全局防注入怎么写的。 以下是全局防注入用到的函数 function pbattackfilter$StrFiltKey,$StrFiltValue,$ArrFiltReq ifisarray$StrFiltValue $StrFiltValue=@implode",", $StrFiltValue; if pregmatch"/".$ArrFiltReq."/is",$StrFiltValue==1 echo $StrFiltValue;...

7.1AI score
Exploits0
NVD
NVD
added 2014/12/23 2:59 a.m.20 views

CVE-2014-8026

Cross-site scripting XSS vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a 1 GET or 2 POST parameter, aka Bug ID CSCus08074...

4.3CVSS5.6AI score0.01792EPSS
Exploits0References4
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.74 views

SQL Injection in Е2

Advisory ID: HTB23222 Product: Е2 Vendor: Ilya Birman Vulnerable Versions: v2844 and probably prior Tested Version: v2844 Advisory Publication: July 2, 2014 without technical details Vendor Notification: July 2, 2014 Vendor Patch: July 3, 2014 Public Disclosure: July 23, 2014 Vulnerability Type:...

7.5CVSS0.3AI score0.02348EPSS
Exploits3
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.67 views

ClipBucket CMS Xss Vulnerability

Xss Vulnerability In ClipBucket CMS @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@ @@@ @@@ @@@ @@ @@@ @...

Exploits0
Debian
Debian
added 2014/09/30 8:33 p.m.98 views

[SECURITY] [DLA 68-1] fex security update

Package : fex Version : 20100208+debian1-1+squeeze4 CVE ID : CVE-2014-3875 CVE-2014-3876 CVE-2014-3877 CVE-2014-3875 When inserting encoded newline characters into a request to rup, additional HTTP headers can be injected into the reply, as well as new HTML code on the top of the website...

6.1CVSS6.1AI score0.01914EPSS
Exploits5
wpexploit
wpexploit
added 2014/08/01 12:0 a.m.12 views

BSK PDF Manager < 2.9.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise the view and cattitle POST parameter when creating or editing a category /wp-admin/admin.php?page=bsk-pdf-manager, allowing authenticated users with a role as low as editor to set an XSS payload which will be triggered in the Categories list...

0.8AI score
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.29 views

Hotel Booking Portal - SQL Injection

No description provided by source. 'Hotel Booking Portal' SQL Injection CVE-2012-1672 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in getcity.php that allows for SQL injection of the 'country' POST parameter. II. TESTED...

7.5CVSS6.5AI score0.02224EPSS
Exploits6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

ZeroCMS 1.0 - (zero_transact_article.php article_id POST parameter) SQL Injection Vulnerability

No description provided by source. ZeroCMS v1.0 SQL Injection Vulnerability zerotransactarticle.php articleid POST parameter Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms Affected version: 1.0 Severity: High CWE: 89 - http://cwe.mitre.org/data/definitions/89.html CVE:...

7.5CVSS0.01241EPSS
Exploits6
Packet Storm
Packet Storm
added 2014/06/14 12:0 a.m.14 views

ClipBucket CMS Cross Site Scripting

@@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/04/17 12:0 a.m.20 views

Connect &quot;_method&quot;跨站脚本漏洞

Connect是一款基于WEB的应用。 Connect不正确过滤"method" POST参数数据,允许远程攻击者可以利用漏洞构建恶意URI,诱使用户解析,可获得敏感Cookie,劫持会话或在客户端上进行恶意操作。 0 Connect 2.x Connect 2.8.1版本已修复该漏洞,建议用户下载使用: https://github.com/senchalabs/connect...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/04/10 12:0 a.m.37 views

csChat-R-Box Script Site Cross-Site Scripting Vulnerability

Exploit for cgi platform in category web applications Exploit Title: "csChat-R-Box Script Site" Cross-Site Scripting XSS Google Dork: csChatRBox.cgi Date: 4/10/2014 Exploit Author: Satanic2000 Vendor Homepage: http://www.cgiscript.net Software Link:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/03/10 12:0 a.m.14 views

e107 &quot;comment&quot;脚本注入漏洞

e107是一款内容管理系统。 由于通过"comment" POST参数传递到/news.php的输入在返回用户前未能正确过滤,当恶意数据被查看时,攻击者可以利用漏洞在受影响站点上下文的用户浏览器会话中注入并任意HTML和脚本代码。 0 e107 1.0.4 目前厂商暂无提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://e107.org/...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/02/13 12:0 a.m.56 views

CA 2E Web Option 8.1.2 Privilege Escalation / Denial Of Service

This is a multi-part message in MIME format. ------=NextPart00101CF280B.6C29886A Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option CVE: CVE-2014-1219 Vendor: CA Product: 2E Web...

5.1CVSS0.6AI score0.04598EPSS
Exploits6
Rows per page
Query Builder