37 matches found
CVE-2022-0739
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection...
CVE-2022-0867
The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users...
School Management System CMS 1.0 - username SQL Injection
School Management System CMS 1.0 - username SQL Injection Exploit Title: School Management System CMS 1.0 - Admin Login SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage:...
WordPress DFD Reddcoin Tips 1.1.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable DFD Reddcoin Tips Plugin 1.1.1 DFD Reddcoin Tips Plugin is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue...
MzK Blog Katgoster.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24909/info MzK Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Quick Classifieds 1.0 - controlcenter/manager.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...
Programs Rating rate.php id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/35746/info Programs Rating Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script...
Jetbox CMS 2.1 - Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/24077/info Jetbox is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromis...
mcGallery 1.1 - admin.php lang Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/28587/info mcGallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the...
okul siteleri 'com_mezun' Component SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27755/info 'okul siteleri' is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromi...
Amateur Photographers Image Gallery - force-download.php?File Information Disclosure
Amateur Photographers Image Gallery - force-download.php?File Information Disclosure source: https://www.securityfocus.com/bid/56110/info Amateur Photographer's Image Gallery is prone to multiple SQL injection vulnerabilities, a cross-site scripting vulnerability, and an arbitrary file-disclosure...
AlamFifa CMS - user_name_cookie SQL Injection
AlamFifa CMS - usernamecookie SQL Injection source: https://www.securityfocus.com/bid/55746/info AlamFifa CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Clipbucket 2.6 - 'view_item.php?type' Cross-Site Scripting
source: https://www.securityfocus.com/bid/51321/info ClipBucket is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities could allow an attacker to steal...
OneCMS 2.6.4 - Multiple SQL Injections
OneCMS 2.6.4 - Multiple SQL Injections source: https://www.securityfocus.com/bid/49733/info OneCMS is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...
Joomla! Component com_community - 'userid' SQL Injection
source: https://www.securityfocus.com/bid/48983/info The 'comcommunity' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
IBM Lotus Sametime - stconf.nsfWebMessage?messageString Cross-Site Scripting
IBM Lotus Sametime - stconf.nsfWebMessage?messageString Cross-Site Scripting source: https://www.securityfocus.com/bid/46471/info IBM Lotus Sametime Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this...
DeluxeBB 'xthedateformat' Parameter SQL Injection Vulnerability
DeluxeBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying...
Joomla! Component com_aml_2 - 'art' SQL Injection
source: https://www.securityfocus.com/bid/38914/info The 'comaml2' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Joomla! Component com_mygallery - 'cid' SQL Injection
Bugtraq ID: 37121 Class: Input Validation Error Published: Feb 21 2008 12:00AM Updated: Nov 24 2009 10:15PM Credit: S@BUN Vulnerable: Joomla commygallery 0 The 'commygallery' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied...
Joomla! Component CB Resume Builder - 'group_id' SQL Injection
source: https://www.securityfocus.com/bid/36598/info The CB Resume Builder 'comcbresumebuilder' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...