dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. Date published : 2019-03-07 https://github.com/dotCMS/core/issues/15286
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname. Date published : 2019-03-07 https://github.com/94fzb/zrlog/issues/39
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter. Date published : 2019-03-07 https://github.com/94fzb/zrlog/issues/37
An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service. Date published :...
Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because pluginsboxfilesmanagerfilesmanager.admin.php mishandles the forbidden_types variable. Date published : 2019-03-07 https://github.com/AlwaysHereFight/monstra_cms-3.0.4–getshell/blob/master/README.md
A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. Date published : 2019-03-07 https://github.com/seedis/zzcms/blob/master/SQL%20injection%20in%20%20addclass.md
zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. Date published : 2019-03-07 https://github.com/seedis/zzcms/blob/master/SQL%20injection%20in%20zs_elite.php.md
zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. Date published : 2019-03-07 https://github.com/seedis/zzcms/blob/master/SQL%20injection.md
XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter. Date published : 2019-03-07 https://github.com/seedis/zzcms-xss/blob/master/README.md
zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. Date published : 2019-03-07 https://github.com/seedis/zzcms/blob/master/README.md
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. Date published : 2019-03-07 https://github.com/Dolibarr/dolibarr/issues/9449
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. Date published : 2019-03-07 https://github.com/Dolibarr/dolibarr/issues/9449
An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request. Date published : 2019-03-07 https://github.com/Stephen-Tech/UCMS/blob/master/README.md
An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerablity via an article title to post.html. Date published : 2019-03-07 https://github.com/hyyyp/HYBBS/issues/1