liz0zim vulnerabilities and exploits

(subscribe to this query)

admin/administrator.php in Adult Script 1.6 and previous versions sends a redirect to the web browser but does not exit, which allows remote malicious users to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitr...

Adultscript Adultscript 1.6

1 EDB exploit

Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote malicious users to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.

Sciurus Sciurus Hosting Panel 2.0.3

1 EDB exploit

Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the first parameter.

Ecardmax.com Hot Editor 4.0 Mybb Mybb Hot Editor Plugin

1 EDB exploit

SQL injection vulnerability in rss.php in Article Script 1.6.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the category parameter.

Article Script Article Script

1 EDB exploit

index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote malicious users to bypass security checks and upload or execute arbitrary php code via the add action.

Eduha Meeting Eduha Meeting

1 EDB exploit

Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote malicious users to inject arbitrary web script or HTML via the page parameter to load.php.

Shadowed Portal Shadowed Portal

1 EDB exploit

Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote malicious users to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.

Matt Wright Matt Wright Guestbook

1 EDB exploit

Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestbook 1.0 allows remote malicious users to inject arbitrary web script or HTML via the f parameter.

Dvguestbook Dvguestbook 1.0

1 EDB exploit

Cross-site scripting (XSS) vulnerability in index.php in DVguestbook 1.2.2 allows remote malicious users to inject arbitrary web script or HTML via the page parameter.

Dvguestbook Dvguestbook 1.2.2

1 EDB exploit

Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 a...

Nathan Landry N8cms Sitesuite Cms 1.2 Nathan Landry N8cms Sitesuite Cms 1.1 Nathan Landry N8cms Sitesuite Cms 1.12

2 EDB exploits

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook