6 matches found
StaffList < 3.1.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in various places in an admin page, leading to a Reflected Cross-Site Scripting. v < 3.1.7 - https://example.com/wp-admin/admin.php?page=stafflist&search=aa' style=animation-name:rotation onanimationstart=alert/XSS///...
Absolute Shopping Cart Cross Site Scripting
Exploit Title: Absolute shopping cart remote Persistent XSS vulnerability Date: 15th July 2010 Author: D4rk357 Critical: medium Contact: d4rk357atyahoodotin Software Link: http://www.absoluteshoppingcartdemo.co.uk/ Greetz to: b0nd, Fbih2s, Beenu, rockey killer, The empty, punter, eberly, prashant Shoutz ...
EgO 0.7b - FCKeditor Arbitrary File Upload
EgO 0.7b - FCKeditor Arbitrary File Upload Title: EgO v0.7b fckeditor Remote File Upload Download: http://sourceforge.net/projects/vairux-ego/ AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory:...
CVE-2005-3860
The CVE-2005-3860 entry describes a PHP remote file inclusion vulnerability in Oliver May Athena PHP Website Administration 0.1a, exploitable via a URL in the athena_dir parameter to execute arbitrary PHP code. Connected sources confirm the affected product/variant and the root cause (RFI in athe...
CVE-2005-3860
PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter...
Allmanage.pl vulnerability
Allmanage.pl vulnerability 13 May 2000 Websites using 'Allmanage Website Administration Software 2.6 WITH the upload ability', and maybe earlier versions, contain a vulnerability which gives you full add/del/change access in the user-account directories and you can change the files in the main...