110 matches found
neataheat.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-417701

Description| Value
---|---
Affected Website:| neataheat.co.uk
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
CVE-2017-11736
SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter...
contact.hamptonroads.com XSS vulnerability
Open Bug Bounty ID: OBB-260005

Description| Value
---|---
Affected Website:| contact.hamptonroads.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
Fastspot BigTree CMS SQL Injection Vulnerability (CNVD-2017-08704)
Fastspot BigTree CMS is an open source content management system (CMS) based on PHP and MySQL, developed by the US company Fastspot. Fastspot BigTree CMS 4.2.18 and earlier versions of the core\admin\modules\developer\extensions\install\process.php file and core\admin\modules\developer\ An SQL injection...
SQL injection
DISPUTED BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and...
CVE-2017-9443
BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and...
Malware exploit: Zskimmer
Type: SQLi Vuln: http://localhost/process.php?xy=2...
Schoolhos CMS 'process.php' page remote code execution vulnerability
Schoolhos CMS is a free and open source content management system. A remote code execution vulnerability exists in the process.php page of Schoolhos CMS version 2.29, which can be exploited by an attacker to execute arbitrary code in the context of an affected application, potentially also...
Schoolhos CMS 2.29 - Remote Code Execution / SQL Injection
\x0d\x0a-----------------------------26518470919255\x0d\x0a\x0d\x0a' \ 'http://HOST/PATH/elearningku/proses.php?pilih=guru&untukdi=upload' php file can be c...
macinside.info XSS vulnerability
Vulnerable URL: http://www.macinside.info/process.php?name=ubd"

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 27.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 622069
VIP website status:| No
Check macinside.info SSL connection:|...
CVE-2014-4538
Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter...
WordPress Malware Finder Plugin <= 1.1 - XSS
Because of this vulnerability in process.php, attackers can inject arbitrary web script or HTML via the "query" parameter. Solution: Update the plugin...
EPESI CRM 1.5.5 Cross Site Scripting
Title: EPESI CRM vulnerable to persistent XSS
Version: epesi-1.5.5-20140113.zip
Date: 27.02.2014
Found: HauntIT Blog
Home: http://epe.si/download
...
Telekom Bug Bounty #9 - Code Execution Vulnerability
Document Title: Telekom Bug Bounty 9 - Code Execution Vulnerability
References Source: http://www.vulnerability-lab.com/getcontent.php?id=1174
Dev Article:...
MobileCartly 1.0 - Arbitrary File Upload
Exploit Title: MobileCartly 1.0 Remote File Upload Vulnerability
Google Dork: -
Date: 14/08/2012
Exploit Author: ICheerNo0M
Vendor Homepage: http://icheernoom.blogspot.com/
Software Link: http://mobilecartly.com/mobilecartly.zip
Version: 1.0
Tested on: Ubuntu 10.10 + PHP 5.3.3
1. Vuln Code :...
SQL injection
SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information...
CVE-2011-3776
phpFormGenerator 2.09 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by forms/process.php...