38 matches found
CVE-2020-15175
In GLPI before version 9.5.2, the pluginimage.send.php endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”...
CVE-2020-19447
SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the fmarkedfilesid parameter...
SQL injection
SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the fmarkedfilesid parameter...
PHP Mass Mail 1.0 - Arbitrary File Upload
Exploit Title: PHP Mass Mail 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: https://phpmassmail.sourceforge.io/ Software Link: https://netix.dl.sourceforge.net/project/phpmassmail/phpmassmail/1.0.0/phpmassmail.zip Version: 1.0 Category: Webapp...
drunce.cz XSS vulnerability
Open Bug Bounty ID: OBB-600243 Description| Value ---|--- Affected Website:| drunce.cz Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
flory.net XSS vulnerability
Vulnerable URL: http://flory.net/php/send.php?league=1"...
xopera.site.ge vulnerability
Open Bug Bounty ID: OBB-118247 Description| Value ---|--- Affected Website:| xopera.site.ge Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerable URL: http://xopera.site.ge/send.php?link=https://www.xssposed.org/=17 Coordinat...
chacmool Private Message System 1.1.3 send.php tid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/11671/info Private Message System is reported prone to multiple vulnerabilities that can allow remote attackers to carry out cross-site scripting attacks and disclose arbitrary private messages. Private Message System 1.1...
SQL injection
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsid parameter to news/send.php, (2) threadid parameter to posts/edit.php, or (3) useremail parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT...
SQL injection
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answerid or (2) questionid parameter to polls/vote.php, (3) storyid parameter to comments/add.php or (4) comments/edit.php, or (5) threadid parameter to posts/add.php. NOTE: this issue...
Islamic Voice SQL Injection
----------exploit Debut Remote SQL Injection Vulnerability ----------Script Info Moi : JIKO Site : No-exploit.Com Email : mm : Moghla9 Ferme Closed ----------Script Info Script : islamic voice Download : http://www.fileflyer.com/view/9WQZeAo || http://www.fileflyer.com/view/9WQZeAo...
islamic voice Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================ islamic voice Remote SQL Injection Vulnerability ================================================ ----------exploit Debut Remote SQL Injection Vulnerability ----------Script Info Moi : JIKO...
Directory traversal
Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter. NOTE: some of these details are obtained from...
CVE-2009-0570
Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter. NOTE: some of these details are obtained from...
Mailist 3.0 - Insecure Backup / Local File Inclusion
Mailist 3.0 Insecure Backup/Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + www.hellzone.info + www.anti-intruders.org + Homepage : http://ninjadesigns.co.uk/ + Download : http://ninjadesigns.co.uk/enter/mailist.zip + Insecure Backup - Vulnerable code in...
Mailist 3.0 Insecure Backup / LFI
Mailist 3.0 Insecure Backup/Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + www.hellzone.info + www.anti-intruders.org + Homepage : http://ninjadesigns.co.uk/ + Download : http://ninjadesigns.co.uk/enter/mailist.zip + Insecure Backup - Vulnerable code in...
Mailist 3.0 - Insecure Backup Local File Inclusion
Mailist 3.0 - Insecure Backup Local File Inclusion + Mailist 3.0 Insecure Backup/Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + www.hellzone.info + www.anti-intruders.org + Homepage : http://ninjadesigns.co.uk/ + Download :...
CVE-2006-5770
Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a) index.php; Newnews, (5) newmsgs, and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6)...