CVE-2021-44299

A reflected cross-site scripting XSS vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2015-9429

The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panelpage parameter...

Cross site request forgery (csrf)

The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panelpage parameter...

Information disclosure

Podcast Generator 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/themes.php and certain other files...

Simple Machines Forum (SMF) 1.1.6 - Local File Inclusion / Code Execution

!/usr/bin/perl @title: Simple Machines Forum Code Execution @versn: perl P:\advisories\smf\smflocalfileinclude.pl -s http://localhost/audit/smf116 -u regular -p test -d ii 0day Simple Machines Forum new cookiejar = , agent = "Mozilla FireFox" ; my %parms = s = "", d = 0, x = sub print " Proxy...

Simple Machines Forum 1.4

Sibertrwolf c 2008 C AY VE YILDIZ GECE YAKIIR C SonSuza Dek TRK FLSTN KARDEL Alembuysa Kral M.H.P : Smf 1.1.4 Remote File Inclusion Vulnerabilities Download: http://www.simplemachines.org Dork : Powerd by SMF 1.1.4 Exploit:...

Local file include, Directory traversal and Full path disclosure in WordPress

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Local file include, Directory traversal и Full path disclosure уязвимостях в WordPress. Дыры в файлах admin.php параметр import и themes.php параметр page. Full path disclosure: http://site/wp-admin/admin.php?import=....wp-config...

DEBIAN-CVE-2007-3238

Cross-site scripting XSS vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATHINFO REQUESTURI to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not...

Cross site scripting

Cross-site scripting XSS vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATHINFO REQUESTURI to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not...

CVE-2007-3238

CVE-2007-3238 is a cross-site scripting (XSS) vulnerability in the default WordPress theme’s functions.php on WordPress 2.2. It allows remote authenticated administrators to inject arbitrary script/HTML via PATH_INFO (REQUEST_URI) to wp-admin/themes.php. Some configurations may not elevate privil...

CVE-2007-3238

Cross-site scripting XSS vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATHINFO REQUESTURI to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not...

Coppermine Photo Gallery <= 1.2.2b (Nuke Addon) Include Vulnerability

No description provided by source. ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Coppermine Photo Gallery v1.2.2b for PHPNUKE THEMEDIR Remote File...