[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 246171 Download | Alert*

JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news.

JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user.

JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter.

JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter.

index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach.

Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids Delete action to Dynamiccontenttags.php.

Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI.

Interspire Email Marketer through 6.1.6 has SQL Injection via a checkduplicatetags tagname request to Dynamiccontenttags.php.

Interspire Email Marketer through 6.1.6 has SQL Injection via a deleteblock blockid[] request to Dynamiccontenttags.php.

Interspire Email Marketer through 6.1.6 has SQL Injection via an updateblock sortorder request to Dynamiccontenttags.php


Pages:      Start    10060    10061    10062    10063    10064    10065    10066    10067    10068    10069    10070    10071    10072    10073    ..   24617

© SecPod Technologies