32 matches found
CVE-2021-44116
Cross Site Scripting (XSS) vulnerability exists in Anchor CMS =0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations...
CVE-2021-25780
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by a remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell...
VicBlog Path Disclosure / SQL Injection
Author : Geek Title : Vicblog Multiple Vulnerabilities Date : 10/25/2012 Dork : allintext: "Powered by VicBlog" Tested On : Winxp Multiple Sql Injection x File : passwordforgotten x Code : $email = $_POST['email']; $sql = mysql_query("SELECT * FROM vbaccounts where email = '$email'") x P0c :...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) themename parameter to themesettings.php, (5) extensionname parameter ...
CVE-2011-3835
Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) themename parameter to themesettings.php, (5) extensionname parameter ...
Code injection
Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php...
CVE-2007-1525
Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php...
CVE-2006-2725
Eggblog vulnerable to SQL injection in rss/posts.php (
WD-SMPL.txt
#!/usr/bin/perl -w SimpleBBS v1.1(posts.php) remote command execution Xploit Discovered & Coded By rUnViRuS World Defacers TeaM WD-members: rUnViRuS - Papipsycho Details ======= Note : SimpleBBS v1.1(posts.php) remote command execution Xploit . . . Join with us to Get Prvi8 Exploit Priv8 Priv8 Priv8...
SimpleBBS v1.1(posts.php) remote command execution
World Defacers Team ====================================== --------------------Summary---------------- eVuln ID: WD10 Vendor: SimpleBBS Vendor's Web Site: www.simplemedia.org Software: SimpleBBS Forums Software's Web Site: www.simplemedia.org Versions: v1.1 v 1.0. Class: Remote PoC/Exploit:...
CVE-2006-0155
Cross-site scripting XSS vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI...
CVE-2006-0155
CVE-2006-0155 describes a cross-site scripting (XSS) flaw in the 427BB web app, specifically in posts.php across versions 2.2 and 2.2.1. The issue arises when a user submits a new message that uses a url BBCode tag containing a javascript URI, allowing remote attackers to inject arbitrary JavaScr...