Search Results | AttackerKB

91 Total Results

Displaying 81-90 of 91

Attacker Value

Unknown

CVE-2016-10901

Disclosure Date: August 21, 2019 (last updated November 27, 2024)

The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools.

Attacker Value

Unknown

CVE-2016-10902

Disclosure Date: August 21, 2019 (last updated November 27, 2024)

The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools.

Attacker Value

Unknown

CVE-2018-20626

Disclosure Date: March 21, 2019 (last updated November 27, 2024)

PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.

Attacker Value

Unknown

CVE-2018-20627

Disclosure Date: March 21, 2019 (last updated November 27, 2024)

PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.

Attacker Value

Unknown

CVE-2018-0603

Disclosure Date: June 26, 2018 (last updated November 26, 2024)

Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Attacker Value

Unknown

CVE-2017-17614

Disclosure Date: December 13, 2017 (last updated November 26, 2024)

Food Order Script 1.0 has SQL Injection via the /list city parameter.

Attacker Value

Unknown

CVE-2014-7683

Disclosure Date: October 21, 2014 (last updated October 05, 2023)

The Free Canadian Author Previews (aka com.booksellerscanada.authorpreview) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Attacker Value

Unknown

CVE-2013-2501

Disclosure Date: March 22, 2013 (last updated October 05, 2023)

Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.

Attacker Value

Unknown

CVE-2008-3669

Disclosure Date: August 13, 2008 (last updated October 04, 2023)

SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.

Attacker Value

Unknown

CVE-2008-1783

Disclosure Date: April 15, 2008 (last updated October 04, 2023)

Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.

91 Total Results

Displaying 81-90 of 91

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification