100 matches found
CVE-2019-7356
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter...
KoreaShow Number Error Vulnerability
KoreaShow is a system for cryptocurrency trading. An integer overflow vulnerability exists in the 'transferMulti' function in the smart contract implementation of KoreaShow. The vulnerability can be exploited by an attacker to increase digital assets with the help of the 'value' parameter...
Electronic Logbook (ELOG) Cross-Site Scripting Vulnerability (CNVD-2020-14077)
ELOG is a web application written in C by Stefan Ritt that can be used to create personal and frequently used logs. A cross-site scripting vulnerability exists in Electronic Logbook ELOG 3.1.4. A remote attacker can exploit this vulnerability by injecting arbitrary web script or HTML into elogd.c...
CVE-2019-14343
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI...
CVE-2019-14343
CVE-2019-14343 affects TemaTres 3.0, with a stored XSS vulnerability in the parameter value of the vocab/admin.php?vocabulario_id=list endpoint. Multiple connected records confirm the vulnerability and describe client-side code execution potential. The root cause is a stored XSS flaw in the value...
CVE-2019-9661
Stored XSS exists in YzmCMS 5.2 via the admin/systemmanage/userconfigedit.html "value" parameter,...
WUZHI CMS SQL Injection Vulnerability (CNVD-2018-18142)
WUZHI CMS is an open source content management system (CMS) based on PHP and MySQL, from the Chinese company WUZHI ("five fingers") Internet Technology. A SQL injection vulnerability exists in the /coreframe/app/admin/pay/admin/index.php file in WUZHI CMS version 4.1.0. A remote attacker can exploit this...
KoreaShow Integer Overflow Vulnerability
KoreaShow is a system for trading cryptocurrencies. An integer overflow vulnerability exists in the 'transferMulti' function of the smart contract implementation in KoreaShow. An attacker can exploit this vulnerability to increase digital assets with the help of the 'value' parameter...
CVE-2018-5987
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pinid or userid parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVa...
CVE-2018-6881
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php...
CVE-2017-15987
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter...
CVE-2014-5202
Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter...
CVE-2014-2043
SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parameter...
Sql injection
SQL injection vulnerability in signupcheck.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action...
CVE-2012-1835
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) beforetitle, or (5) aftertitle parameter...
CVE-2009-3579
Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/...
CVE-2007-5492
Static code injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter...
Mtp-Target Server 1.2.2 - Memory Corruption
Mtp-Target Server 1.2.2 - Memory Corruption source: https://www.securityfocus.com/bid/13463/info The Mtp-Target server is prone to a memory corruption vulnerability. The issue exists because a comparison fails to ensure that an integer value parameter retrieved from a client is signed. A check is...