69 matches found
RealtyScript SQL注入漏洞
RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript has a SQL injection vulnerability, which stems from improper cleaning of the uid and agent parameters. This vulnerability could allow unverified attackers to inject arbitrary SQL...
RealtyScript 跨站脚本漏洞
RealtyScript is a real estate website management system developed by RealtyScript Corporation. Version 4.0.2 of RealtyScript contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of text parameters, which may allow attackers to inject malicious HTML and...
PT-2026-25722
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...
RealtyScript 跨站脚本漏洞
RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript contains a cross-site scripting vulnerability. This vulnerability stems from improper cleanup of uploaded files, which may allow attackers to store malicious scripts through the fi...
CVE-2015-20120
CVE-2015-20120 maps to RealtyScript 4.0.2 from Next Click Ventures, which contains multiple time-based blind SQL injection vulnerabilities. The flaw allows unauthenticated attackers to infer database contents by sending time-delay payloads in application parameters, effectively exposing data char...
CVE-2015-20120
Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...
CVE-2015-20120 RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection
Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...
CVE-2015-20120 RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection
Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...
CVE-2015-20121 RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters
Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...
CVE-2015-20121
CVE-2015-20121 affects RealtyScript 4.0.2 from Next Click Ventures. The vulnerability is an SQL injection in /admin/users.php (GET parameter u_id) and /admin/mailer.php (POST parameter agent[]) allowing unauthenticated attackers to manipulate queries via time-based blind payloads to exfiltrate da...
CVE-2015-20121 RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters
Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...
CVE-2015-20121
Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...
CVE-2015-20119
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...
CVE-2015-20119 RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...
CVE-2015-20119 RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious HTML and iframe elements through the text parameter in the pages.php admin interface. Attackers can submit POST requests to the add page action with...
CVE-2015-20119
CVE-2015-20119 affects RealtyScript 4.0.2 (Next Click Ventures). It is a stored cross-site scripting vulnerability in the pages.php admin interface: an authenticated attacker can submit crafted iframe payloads via the text parameter to the add page action, storing malicious content that executes ...
CVE-2015-20117
Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and...
CVE-2015-20117
The CVE-2015-20117 entry concerns RealtyScript 4.0.2 from Next Click Ventures. A cross-site request forgery vulnerability allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting requests to /admin/addusers.php and /admin/editadmins.php, enabling ...
CVE-2015-20118 RealtyScript 4.0.2 Stored Cross-Site Scripting via location_name Parameter
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the locationname parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in the locationname field to execute arbitrary code...
CVE-2015-20117 RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation
Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and...