291 matches found
Drupal avatar_uploader arbitrary file download vulnerability
avataruploader is the module used to implement the function of uploading user images in a content management system maintained by the Drupal community. A security vulnerability exists in avataruploader version 7.x-1.0-beta8, which is caused by code in the view.php file that fails to validate user...
CVE-2018-9205
Vulnerability in avataruploader v7.x-1.0-beta8: the code in view.php doesn't verify users or sanitize the file path...
CVE-2017-18217
An issue was discovered in InvoicePlane before 1.5.5. It was observed that the Email address and Web address parameters are vulnerable to Cross Site Scripting, related to application/modules/clients/views/view.php, application/modules/invoices/views/view.php, and...
Cross site scripting
An issue was discovered in InvoicePlane before 1.5.5. It was observed that the Email address and Web address parameters are vulnerable to Cross Site Scripting, related to application/modules/clients/views/view.php, application/modules/invoices/views/view.php, and...
summerhillvp.com XSS vulnerability
Open Bug Bounty ID: OBB-574281

Description | Value
---|---
Affected Website: | summerhillvp.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
CVE-2017-17959
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter...
semcms view.php SQL injection
...
brovary.info XSS vulnerability
Vulnerable URL: http://www.brovary.info/catalog/view.php?id=3758=2"'--!...
SQL injection
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php...
CVE-2017-14345
CVE-2017-14345 affects the tianchoy/blog project, where a SQL injection is possible through the id parameter to view.php. The vulnerability is described across multiple sources (Red Hat, CNVD, NVD, CVE listings) as existing up to 2017-09-12, with the attack surface being the id parameter passed t...
blossomtouch.com XSS vulnerability
Vulnerable URL: https://blossomtouch.com/catalog/view/theme/quick-view.php?productid=740href=xss%22%3E%3Csvg/onload=prompt/openbugbounty/%3E%3C!--

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 07.12.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclose...
Dzzoffice v1.3.1 Arbitrary File Download Vulnerability in Multiple Pages
DzzOffice is an open source cloud storage management tool. An arbitrary file download vulnerability exists in the 'pdfviewer.php', 'view.php', 'download.php' and 'attachment.php' pages of Dzzoffice v1.3.1, which attackers can exploit to obtain sensitive information...
bjbevanston.com XSS vulnerability
Vulnerable URL: http://www.bjbevanston.com/view.php?last-tab=1/-///'/"//--...
kenwatches.com XSS vulnerability
Vulnerable URL: http://www.kenwatches.com/view.php?k=Rolex=0=3〈=1/-///'/"//--...
artvault.co.za XSS vulnerability
Vulnerable URL: http://www.artvault.co.za/view.php?id=20772=artistid=1="';-- =artists.sname=0=270

Details:

Description | Value
---|---
Patched: | Yes, at 25.11.2017
Latest check for patch: | 25.11.2017 19:26 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 5563836
V...
semcms /semcms/view.php parameter ID injection vulnerability
No description provided by source...
FreePBX 13/14 - Remote Command Execution / Privilege Escalation
#!/usr/bin/env python # -*- coding: latin-1 -*- DESCRIPTION: FreePBX 13 remote root 0day - Found and exploited by pgt @ nullsecurity.net. AUTHOR: pgt - nullsecurity.net. DATE: 8-12-2016. VERSION: freepbx0day.py 0.1. AFFECTED VERSIONS: FreePBX 13 & 14 System Recordings Module versions: 13.0.1beta1 - 13.0.26 STA...
FreePBX 13 / 14 - Remote Command Execution / Privilege Escalation
Exploit for linux platform in category remote exploits. #!/usr/bin/env python # -*- coding: latin-1 -*- DESCRIPTION: FreePBX 13 remote root 0day - Found and exploited by pgt @ nullsecurity.net. AUTHOR: pgt - nullsecurity.net. DATE: 8-12-2016. VERSION: freepbx0day.py 0.1. AFFECTED VERSIONS: FreePBX 13 & 14 Syste...
CANDID 'view.php' SQL Injection and Cross Site Scripting Vulnerabilities
CANDID is prone to SQL injection and cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
benettonkorea.co.kr XSS vulnerability
Vulnerable URL: http://www.benettonkorea.co.kr/shop5/shop/board/view.php?no=...