Path traversal

An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php...

ZZCMS 路径遍历漏洞

ZZCMS is a content management system CMS from the ZZCMS team in China. A security vulnerability exists in ZZCMS 2022, which stems from a vulnerability that allows an attacker to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php...

SQL injection vulnerability in siteinfo parameter of xycms add_ad.php page

XYCMS was formerly known as Nanjing XYCMS Enterprise Station Building System, which is a commercial station building system based on ASP development. Xycms SQL injection vulnerability, the system on the addad.php page siteinfo parameters are not effectively filtered, attackers can exploit the...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 form and 2 control parameters to FCKeditor/neditor.php, and the 3 path parameter to admin/siteinfo/iframe.inc.php...

CVE-2008-5729

CVE-2008-5729 describes multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier. The issues allow remote attackers to inject arbitrary web script or HTML via three vectors: (1) the form and (2) the control parameters to FCKeditor/neditor.php, and (3) the path parameter...