128 matches found
jira-prod-app02.it.su.se XSS vulnerability
Open Bug Bounty ID: OBB-604955 Description| Value ---|--- Affected Website:| jira-prod-app02.it.su.se Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
qdPM Information Disclosure Vulnerability
qdPM is a free , open source based on Symfony framework using PHP and MySQL development project management system . An information disclosure vulnerability exists in qdPM version 8.3. A remote attacker can exploit this vulnerability by sending a direct request to core/config/databases.yml,...
Stable Channel Update for Chrome OS
The Stable channel has been updated to 48.0.2564.116 Platform version: 7647.84.0 for all Chrome OS devices. This build contains a number of bug fixes, and security fixes. Systems will be receiving updates over the next several days. Security Fixes Note: Access to bug details and links may be kept...
ch-fr.pre-prod.nissan.eu XSS vulnerability
Vulnerable URL: http://ch-fr.pre-prod.nissan.eu/CH/fr/htmlshare.-popupsharehtml.html?url=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 12:35 GMT Vulnerability type:| XSS Vulnerability status:|...
WordPress Photocrati Theme SQL Injection Vulnerability
WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.Photocrati is one of the photography themes. A SQL injection vulnerability exists in the ecomm-sizes.php script in...
CVE-2010-1857
SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a products.details action. NOTE: the provenance of this information is unknown; the details are obtained sole...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in RepairShop2 1.9.023 Trial, when magicquotesgpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action...
CVE-2007-6466
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via 1 the prod parameter in a details action, 2 the cat parameter in a browse list action, or 3 the group parameter in a categories action. NOTE: it was later reported...