21 matches found
CVE-2017-20152
A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. T...
CVE-2017-20152 aerouk imageserve File viewer.php path traversal
A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. T...
PT-2022-8017 · Unknown · Aerouk Imageserve
Name of the Vulnerable Software and Affected Versions: aerouk imageserve affected versions not specified Description: A problematic vulnerability was found in aerouk imageserve, affecting an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the...
isabellasisca.it XSS vulnerability
Open Bug Bounty ID: OBB-364051 Description| Value ---|--- Affected Website:| isabellasisca.it Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
lostdutchmanmarathon.org XSS vulnerability
Vulnerable URL: http://lostdutchmanmarathon.org/viewer.php?picture=images/2009racepictures/SHZ0453.JPG=1/-///'/"//--...
masshist.org XSS vulnerability
Vulnerable URL: http://www.masshist.org/database/viewer.php?itemid=99=transcript%22%3E%3Cscript%3Ealert/OPENBUGBOUNTY/%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
Webinars 2.2.26.0 Script Insertion
Document Title: =============== Webinars v2.2.26.0 - Client Side Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1412 Release Date: ============= 2015-01-19 Vulnerability Laboratory ID VL-ID: ====================================...
Webinars v2.2.26.0 - Client Side Cross Site Vulnerability
Document Title: =============== Webinars v2.2.26.0 - Client Side Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1412 Release Date: ============= 2015-01-19 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2014-4331 OctavoCMS reflected XSS vulnerability
This proprietary content management software is vulnerable to reflected XSS on the file admin/viewer.php, src parameter. Current release on their demo site is vulnerable, same as other few sites I could find. PoC:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/viewer.php in OctavoCMS allows remote attackers to inject arbitrary web script or HTML via the src parameter...
CVE-2014-4331
CVE-2014-4331 is an XSS vulnerability affecting OctavoCMS up to version 3.1.1, exploitable through the src parameter in admin/viewer.php. The issue is reflected XSS; PoC demonstrates script injection on vulnerable demos. OpenVAS metadata indicates a WillNotFix remediation, and several vulnerabili...
OctavoCMS Cross Site Scripting
This proprietary content management software is vulnerable to reflected XSS on the file admin/viewer.php, src parameter. Current release on their demo site is vulnerable, same as other few sites I could find. PoC:...
Server: Multiple XSS vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions allow remote attackers to inject arbitrary web script or HTML via the "sitename" and "siteurl" POST parameters to setsites.php in /apps/external/ajax/ CVE-2013-0297 Commits: e0140a stable45,...
CVE-2011-3753
LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files...
PHP Krazy Image Host Script 1.01 - 'id' SQL Injection
0x01 Informations: Name : PHP Krazy Image Host Script 1.01 Download : http://www.hotscripts.com/listings/jump/download/66961/ Vulnerability : Sql Injection Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/viewer.php Code $id = $_GET['id'];...
PHP Krazy Image Host Script 1.01 - id SQL Injection
PHP Krazy Image Host Script 1.01 - id SQL Injection 0x01 Informations: Name : PHP Krazy Image Host Script 1.01 Download : http://www.hotscripts.com/listings/jump/download/66961/ Vulnerability : Sql Injection Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged...
PHP Krazy Image Host Script 1.01 SQL Injection
0x01 Informations: Name : PHP Krazy Image Host Script 1.01 Download : http://www.hotscripts.com/listings/jump/download/66961/ Vulnerability : Sql Injection Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/viewer.php Code $id = $_GET['id'];...
PHP Krazy Image Host Script 1.01 (viewer.php id) SQL Injection Vuln
Exploit for unknown platform in category web applications =================================================================== PHP Krazy Image Host Script 1.01 viewer.php id SQL Injection Vuln =================================================================== 0x01 Informations: Name : PHP Krazy...