|
301421
|
- |
|
whcms_project
|
whcms
|
Cross-site request forgery (CSRF) vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via…
|
CWE-352
Origin Validation Error
|
CVE-2011-5315
|
2024-11-21 10:34 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301422
|
- |
|
redaxscript
|
redaxscript
|
templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
|
CWE-200
Information Exposure
|
CVE-2011-5314
|
2024-11-21 10:34 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301423
|
- |
|
redaxscript
|
redaxscript
|
Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_…
|
CWE-89
SQL Injection
|
CVE-2011-5313
|
2024-11-21 10:34 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301424
|
- |
|
gollos
|
gollos
|
Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to (1) register.aspx, (2) publication/info.…
|
CWE-79
Cross-site Scripting
|
CVE-2011-5312
|
2024-11-21 10:34 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301425
|
- |
|
cherry-design
|
wikipad
|
Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the data[text] …
|
CWE-352
Origin Validation Error
|
CVE-2011-5311
|
2024-11-21 10:34 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301426
|
- |
|
cherry-design
|
wikipad
|
Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
|
CWE-22
Path Traversal
|
CVE-2011-5310
|
2024-11-21 10:34 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301427
|
- |
|
cherry-design
|
wikipad
|
Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2011-5309
|
2024-11-21 10:34 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301428
|
- |
|
cdnvote_project
|
cdnvote
|
Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2)…
|
CWE-89
SQL Injection
|
CVE-2011-5308
|
2024-11-21 10:34 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301429
|
- |
|
photosmash_project
|
photosmash
|
Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2011-5307
|
2024-11-21 10:34 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301430
|
- |
|
zaunz_gmbh
|
cosmoshop
|
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that mod…
|
CWE-352
Origin Validation Error
|
CVE-2011-5306
|
2024-11-21 10:34 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
