Show filters
25 Total Results
Displaying 11-20 of 25
Sort by:
Attacker Value
Unknown

CVE-2016-10756

Disclosure Date: May 24, 2019 (last updated November 27, 2024)
Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself.
0
0
Attacker Value
Unknown

CVE-2017-17550

Disclosure Date: November 10, 2018 (last updated November 27, 2024)
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.
0
0
Attacker Value
Unknown

CVE-2018-11405

Disclosure Date: May 24, 2018 (last updated November 26, 2024)
Kliqqi 2.0.2 has CSRF in admin/admin_users.php.
0
0
Attacker Value
Unknown

CVE-2017-17889

Disclosure Date: April 22, 2018 (last updated November 26, 2024)
Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php.
0
0
Attacker Value
Unknown

CVE-2017-17902

Disclosure Date: April 22, 2018 (last updated November 26, 2024)
SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI.
0
0
Attacker Value
Unknown

CVE-2018-0539

Disclosure Date: March 22, 2018 (last updated November 26, 2024)
QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2018-0538

Disclosure Date: March 22, 2018 (last updated November 26, 2024)
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2018-0536

Disclosure Date: March 22, 2018 (last updated November 26, 2024)
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz.cgi.
0
0
Attacker Value
Unknown

CVE-2018-0537

Disclosure Date: March 22, 2018 (last updated November 26, 2024)
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz_op.cgi.
0
0
Attacker Value
Unknown

CVE-2014-5605

Disclosure Date: September 09, 2014 (last updated October 05, 2023)
The QQ Copy (aka com.digimobistudio.qqcopy) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
0
0
View More Topics  < Previous  Next >