19 matches found
CVE-2026-31018
In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...
CVE-2026-31018
In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...
Linux Distros Unpatched Vulnerability : CVE-2023-4197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper input validation in Dolibarr ERP CRM = v18.0.1 fails to strip certain PHP code from user- supplied input when creating a Website, allowing an attacker ...
PT-2024-9697
Name of the Vulnerable Software and Affected Versions: CyberPanel versions prior to 2.3.8 Description: The issue exists due to the lack of measures to neutralize special elements, allowing a remote attacker to execute arbitrary commands using a specially crafted HTTP OPTIONS request. This can be...
CVE-2023-4197
Improper input validation in Dolibarr ERP CRM = v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code...
PT-2023-28198 · Unknown · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP CRM versions = 18.0.1 Description: The issue is related to improper input validation, which fails to strip certain PHP code from user-supplied input when creating a Website. This allows an attacker to inject and evaluate arbitrar...
WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover
Page Builder by SiteOrigin, a WordPress plugin with a million active installs that’s used to build websites via a drag-and-drop function, harbors two flaws that can allow full site takeover. According to researchers at WordPress, both security bugs can lead to cross-site request forgery CSRF and...
October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting
Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Date: 2018-04-03 Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1. Description: Front-end user management for October CMS. Allows...
Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities
No description provided by source. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder Author : alieye vendor : http://www.parallels.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl::2006/Sites...
Multiple Vulnerabilities in Parallels® Plesk Sitebuilder
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder Author : alieye vendor : http://www.parallels.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl::2006/Sites ext:aspx inurl::2006 inurl:.ashx?media...
HiveMaker Professional <= 1.0.2 (cid) SQL Injection Vulnerability
No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV96$2008 ----------------------------------------------------------------------------------------- ECHOADV96$2008 HiveMaker Professional = 1.0.2 cid Sql Injection...
PHP Nuke 5.0 'user.php' Form Element Substitution Vulnerabilty
No description provided by source. source: http://www.securityfocus.com/bid/3107/info PHP-Nuke is a website creation/maintenance tool written in PHP3. If a malicious user may subtitute arbitrary values for image form elements in the PHP-Nuke User Registration Form by saving the webpage locallyas...
Parallels Plesk Sitebuilder Persistent Xss Vulnerability
Exploit for php platform in category web applications ======================================================== Parallels Plesk Sitebuilder Persistent Xss Vulnerability ======================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0...
Maxtrade AIO CMS LFI Vulnerabilty
Exploit for php platform in category web applications ================================= Maxtrade AIO CMS LFI Vulnerabilty ================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ ...
[ECHO_ADV_96$2008] HiveMaker Professional <= 1.0.2 (cid) Sql Injection Vulnerability
ECHOADV96$2008 ----------------------------------------------------------------------------------------- ECHOADV96$2008 HiveMaker Professional = 1.0.2 cid Sql Injection Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran...
adv96-K-159-2008.txt
\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV96$2008 ----------------------------------------------------------------------------------------- ECHOADV96$2008 HiveMaker Professional = 1.0.2 cid Sql Injection Vulnerability...
HiveMaker Professional <= 1.0.2 (cid) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================================= HiveMaker Professional = 1.0.2 cid SQL Injection Vulnerability ================================================================= \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / |...
Soholaunch Pro 4.9 r36 - Remote File Inclusion
Soholaunch Pro 4.9 r36 - Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV57$2006 ----------------------------------------------------------------------------------------------- ECHOADV57$2006Soholaunch Pro =4.9 r36 Multiple Remote File...
Sql injection in 3CFR
Author: r0t hackers.by.lv Date: 14. nov 2005 software: 3CFR vendor: http://www.3cfr.com/ software description: 3CFR solutions are dedicated to professional web sites creation and hosting. Especially designed for beginners wishing to get a professional showcase on Internet, 3CFR solutions offer a...