122 matches found
DocCMS la***.php file has an arbitrary file read vulnerability
DocCMS rice husk enterprise building system, also known as rice husk cms, doccms, formerly known as deep throat enterprise building system ShlCms, is the industry's leading free open source enterprise website building system, enterprise website generation system. DocCMS la.php file has an arbitra...
SSJI-to Node. js vulnerability audit of the series a-vulnerability warning-the black bar safety net
hello I was in control of the security laboratory of the Whispering Wind, the JavaScript in Node. js with the help of turned into a server-side scripting language, so since it is a service side scripting language, there may be some security issues. SSJIserver side JavaScript injection is a...
PHP Scripts Mall advanced-real-estate-script cross-site scripting vulnerability
PHP Scripts Mall advanced-real-estate-script is a PHP and MySQL based real estate website system script by PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall advanced-real-estate-script, which can be exploited by remote attackers to inject HTML code via the Na...
CVE-2018-6870
Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature...
SchoolCMS suffers from a variable override vulnerability (CNVD-2017-30716)
SchoolCMS is a school teaching management system based on PHP+MySQL. SchoolCMS suffers from a variable override vulnerability. An attacker can utilize the browser's TAB function to reset any user's password...
php: ZipArchive:: extractTo allows for directory traversal when creating directories
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/phpzip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/extzip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive...
PHP: sets environmental variable based on user supplied Proxy request header
It was discovered that PHP did not properly protect against the HTTPPROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request...
PHP: sets environmental variable based on user supplied Proxy request header
It was discovered that PHP did not properly protect against the HTTPPROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request...
Open Real Estate Cross-Site Scripting Vulnerability
Open Real Estate CMS is a PHP-based content management system. A cross-site scripting vulnerability exists in Open Real Estate. An attacker can exploit the vulnerability to execute malicious script code...
Hive 2.0 RC2 XSS / Code Execution / SQL Injection
| Title : Hive v2.0 RC2 Multi Vulnerability | Author : indoushka | email : [email protected] | Dork : "Powered by DigitalHive" | Tested on: windows 8.1 Français V.Pro | Bug : Stop Script | Download : http:///www.digitalhive.com ======================================= Stop SCript working :...
BuyClassifiedScript PHP Code Injection Vulnerability
No description provided by source. Exploit Title: buyclassifiedscript PHP code injection vulnerability Date: 25.11.201 Exploit Author: d3b4g Vendor Homepage: http://buyclassifiedscript.com/ Tested on:Windows 7 Blog: d3b4g.me...
BuyClassifiedScript PHP Code Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: buyclassifiedscript PHP code injection vulnerability Date: 25.11.201 Exploit Author: d3b4g Vendor Homepage: http://buyclassifiedscript.com/ Tested on:Windows 7 Blog: d3b4g.me...
BuyClassifiedScript - PHP Code Injection
BuyClassifiedScript - PHP Code Injection Exploit Title: buyclassifiedscript PHP code injection vulnerability Date: 25.11.201 Exploit Author: d3b4g Vendor Homepage: http://buyclassifiedscript.com/ Tested on:Windows 7 Blog: d3b4g.me...
BuyClassifiedScript - PHP Code Injection
Exploit Title: buyclassifiedscript PHP code injection vulnerability Date: 25.11.201 Exploit Author: d3b4g Vendor Homepage: http://buyclassifiedscript.com/ Tested on:Windows 7 Blog: d3b4g.me ---------------------------------------------------------------------------------- This vulnerability allow...
BuyClassifiedScript PHP Code Injection
Exploit Title: buyclassifiedscript PHP code injection vulnerability Date: 25.11.201 Exploit Author: d3b4g Vendor Homepage: http://buyclassifiedscript.com/ Tested on:Windows 7 Blog: d3b4g.me ---------------------------------------------------------------------------------- This vulnerability allow...
cnn-xss.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear CNN, I recently discovered a security vulnerability on the www.cnn.com website. I believe the vulnerability can be used by a remote user to alter content on www.cnn.com. On 10 Nov 2008, I wrote to...
PT-2008-3301 · Blogator · Blogator-Script
Name of the Vulnerable Software and Affected Versions: Blogator-script version 1.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the incl page parameter in several PHP files, including struct admin.php, struct admin blog.php, and struct main.php in the...
PT-2007-6476 · Unknown · Crs Manager
Name of the Vulnerable Software and Affected Versions: CRS Manager affected versions not specified Description: The issue concerns multiple PHP remote file inclusion vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT ROOT paramete...
The script pictures the back door without echo solutions-vulnerability warning-the black bar safety net
First of all, let us think about why the picture of the back door is not back obvious reason: as you know, we use the include contains picture, the interpreter will put the picture as a text document for searching and automatic parsing% %or??& gt;of the script. So what other html characters such...
DEBIAN-CVE-2004-1736
Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to 1 auth.php, 2 authlogin.php, 3 authchangepassword.php, and possibly other php files, which reveal the installation path in a PHP error message...