CVE-2013-1822

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the 1 quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin...

Cross site scripting

Cross-site scripting XSS vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter...

CVE-2013-0307

Cross-site scripting XSS vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 post-menu field to edit.php or 2 Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already...

CVE-2013-7243

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 post-menu field to edit.php or 2 Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already...

CVE-2013-3515

Multiple cross-site scripting XSS vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 package parameter to www/admin/plugin-index.php or the 2 group parameter to www/admin/plugin-settings.php...

Sql injection

SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter...

CVE-2013-3532

SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter...

Multiple code executions - ownCloud

A code executions vulnerability in ownCloud 4.5.6 and 4.0.11 and all prior versions allow authenticated remote attackers to execute arbitrary PHP code via unspecified POST parameters to translations.php in /core/ajax/ Commits: 74e73bc stable4, ece08cd stable45 Risk: Critical A code executions...

CVE-2012-5665

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of userwebdavauth and userldap by editing this file...

CVE-2012-5665

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of userwebdavauth and userldap by editing this file...

CVE-2012-5665

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of userwebdavauth and userldap by editing this file...

Server: XSS vulnerability in user_webdavauth

A cross-site scripting XSS vulnerability in ownCloud 4.5.x before 4.5.2 allow remote attackers to inject arbitrary web script or HTML via the POST data to settings.php in apps/userwebdavauth/ For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...

CVE-2012-5385

install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference...

Code injection

install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference...

CVE-2012-5385

install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference...

Cross site scripting

Cross-site scripting XSS vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php."...

CVE-2012-2703

Cross-site scripting XSS vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php."...

WebCalendar 1.2.4 Pre-Auth Remote Code Injection

This module exploits a vulnerability found in k5n.us WebCalendar, version 1.2.4 or less. If not removed, the settings.php script meant for installation can be update by an attacker, and then inject code in it. This allows arbitrary code execution as www-data. This module requires Metasploit:...

Hosting Directory Cross Site Request Forgery

Exploit Title: Hosting Directory CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/hosting-directory-script/27433/ Category:: webapps Demo : http://www.e-soft24.com/scripts/hosting-directory/admin Greetz: Inj3ct0r Exploit DataBase 1337day.com Our web host directory...