CVE-2015-2967
Cacti Multiple Vulnerabilities (CVE-2015-2967) : The affected product is Cacti, specifically versions before 0.8.8d. The vulnerability is an XSS in the settings.php script that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The underlying issue is a failur...
CVE-2015-2967
Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cacti vulnerable to cross-site scripting
Overview: Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing parameters in settings.php. Daiki Fukumori of Cyber Defense Institute, Inc. and Masako Ohno reported this vulnerabilit...
MediaSuite.ca File Disclosure
http://twitter.com/h4SEC Proof Video: https://www.youtube.com/watch?v=7yxbfD1YK8Y Author : KnocKout E-Mail : [email protected] Twitter: http://twitter.com/h4SEC HomePage :...
WordPress Survey and Poll Blind SQL Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; if(description)...
SQL injection
SQL injection vulnerability in the ajaxsurvey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the surveyid parameter in an ajaxsurvey action to wp-admin/admin-ajax.php...
CVE-2015-2090
SQL injection vulnerability in the ajaxsurvey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the surveyid parameter in an ajaxsurvey action to wp-admin/admin-ajax.php...
WordPress Survey_and_poll Plugin 1.1 /settings.php SQL Injection Vulnerability
No description provided by source...
SA-CONTRIB-2014-120 - Piwik Web Analytics - Information disclosure
This module enables you to integrate Drupal with Piwik Web Analytics. The module leaks the site specific hash salt to authenticated users when user-id tracking is turned on. This vulnerability is mitigated by the fact that user-id tracking must be turned on and the attacker needs to have an accou...
2532/gigs 1.2.2 - stable Multiple Vulnerabilities
No description provided by source. START 0x01 Informations: Script : 2532|Gigs v1.2 Stable Download : http://www.hotscripts.com/jump.php?listingid=65863&jumptype=1 Dork : Powered by 2532|Gigs v1.2.2 Vulnerability : Local File Inclusion / Remote File Upload Author : Osirys Contact :...
MyCMS <= 0.9.8 - Remote Command Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo MyCMS = 0.9.8 Remote Command Execution Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love ; if $argc3 echo Usage: php .$argv0. Host Path C...
Ignition 1.3 (comment.php) Local File Inclusion Vulnerability
No description provided by source. Ignition 1.3 === Local File Include By n0n0x Homepage: http://priasantai.uni.cc/ Download script :http://launchpad.net/ignition/trunk/1.3/+download/ignition-1.3.tar.gz ========================================= xpl :...
LiteNews <= 0.1 (id) Remote SQL Injection Vulnerability
No description provided by source. litenews-01 = 1.2 Remote sql injection Download : http://webscripts.softpedia.com/scriptDownload/LiteNews-Download-43228.htmldownloadlocations Injection Adress : http://Sitename/litenew//index.php?mode=view&id= code sql you need to crypt the directory of...
Ignition 1.3 (page.php) Local File Inclusion Vulnerability
No description provided by source. Ignition 1.3 page Local File Inclusion Vulnerability disclosed by cOndemned download: http://launchpad.net/ignition/trunk/1.3/+download/ignition-1.3.tar.gz note: 1. magic_quotes_gpc should be turned off in order to exploit this vulnerability 2. LFI bugs found by m...
IncCMS Core <= 1.0.0 (settings.php) Remote File Include Vulnerability
No description provided by source...
SMA-DB <= 0.3.9 (settings.php) Remote File Inclusion Vulnerability
No description provided by source. To ConTacT mE:wWw.Asb-May.net/bb ScRiPt:-http://people.ee.ethz.ch/dmaeder/bluevirus/downloader.php?filename=U01BLURC&referrer=hots Discovered By:- ThE dE@Th AsB-MaY DiScOvEr ExPlIoTs Gr0uP Settings.php:- includeonce$pfadz.scripts/session.php;...
Webspell 4.x - safe_query Bypass Vulnerability
No description provided by source. INFORMATION +Name : Webspell 4.X safe_query bypass Vulnerability +Author : silent vapor +Date : 29.09.2010 +Script : webspell +Price : free +Language : PHP +Discovered by silent vapor +Underground Agents +Greetz to Team-Internet, 4004-Security-Project, Easy Laster...
WordPress Facebook Promotion Plugin <= 1.3.4 - Multiple XSS
Because of these vulnerabilities in admin/swarm-settings.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
CVE-2013-7344
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions...
CVE-2013-1822
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin...