190 matches found
CVE-2020-10478
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request...
CVE-2020-10390
CVE-2020-10390 affects Chadha PHPKB Standard Multi-Language 9. The OS command injection exists in export.php (called from include/functions-article.php) allowing remote code execution by saving malicious code into the wkhtmltopdf path via admin/save-settings.php. This is documented across multipl...
CVE-2009-5068
There is a file disclosure vulnerability in SMF Simple Machines Forum affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesyste...
Fedora 31 : drupal7 (2019-4917943339)
RPM notes : - All docs are now in /usr/share/doc/drupal7/ - All licenses are now in /usr/share/licenses/drupal7/ - Requires have been updated to include all phpcompatinfo extension findings 7.69 Maintenance and security release of the Drupal 7 series. This release fixes security vulnerabilities...
Remote Code Execution (RCE)
yoast/wordpress-seo is vulnerable to remote code execution. An SEO Manager is able to execute arbitrary OS commands via a ZIP import through a race condition vulnerability in unzip_file in admin/import/class-import-settings.php...
CVE-2018-19370
The CVE-2018-19370 entry concerns Yoast SEO (wordpress-seo) plugin for WordPress, specifically versions before 9.2.0. A race-condition in unzip_file (admin/import/class-import-settings.php) allows an SEO Manager to execute OS commands via a ZIP import. Public sources in the connected documents co...
CVE-2018-17835
GetSimple CMS 3.3.15 is affected by CVE-2018-17835. The issue is a stored XSS: an administrator can inject malicious payload via the admin/settings.php Custom Permalink Structure parameter, which then contaminates any page created at the admin/pages.php URI. The vulnerability is rooted in imprope...
CVE-2017-16641
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php...
WordPress MiniMax Plugin <= 2.0.2 - Cross Site Scripting
This vulnerability is in ./page-layout-builder/includes/layout-settings.php. Solution Update the plugin...
WordPress Spider Video Player plugin - settings.php file - cross-site scripting vulnerability
No description provided by source...
JoomShopping - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: JoomShopping Blind Sql injection Google Dork: allinurl:"/modules/modjshoppingproductswfl/js/" Date: 2015-07-24 Exploit Author: Mormoroth Vendor Homepage: http://www.webdesigner-profi.de Software Link:...
JoomShopping - Blind SQL Injection
Exploit Title: JoomShopping Blind Sql injection Google Dork: allinurl:"/modules/modjshoppingproductswfl/js/" Date: 2015-07-24 Exploit Author: Mormoroth Vendor Homepage: http://www.webdesigner-profi.de Software Link: http://www.webdesigner-profi.de/joomla-webdesign/joomla-shop/downloads.html...
JoomShopping - Blind SQL Injection
JoomShopping - Blind SQL Injection Exploit Title: JoomShopping Blind Sql injection Google Dork: allinurl:"/modules/modjshoppingproductswfl/js/" Date: 2015-07-24 Exploit Author: Mormoroth Vendor Homepage: http://www.webdesigner-profi.de Software Link:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
DEBIAN-CVE-2015-2967
Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-2967
Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...