poll id software vulnerabilities
vulnerabilities.aspcode.net
Searching poll id software vulnerabilities
Eval injection vulnerability in comments.php in
vulnerability
|
commentsphp
|
injection
|
Advanced
|
Poll
|
Eval
|
Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
inclusion
|
Advanced
|
Multiple
|
remote
|
Poll
|
file
|
PHP
|
Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php.
PHP remote file inclusion vulnerability in poll
vulnerability
|
poll_votephp
|
inclusion
|
Creator
|
remote
|
Poll
|
file
|
PHP
|
PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativer_pfad parameter.
Cross-site scripting (XSS) vulnerability in pop
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter.
SQL injection vulnerability in index.php in Php
Phpclanwebsite
|
vulnerability
|
injection
|
indexphp
|
SQL
|
SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax.
Multiple SQL injection vulnerabilities in ASPPo
vulnerabilities
|
ASPPortal
|
injection
|
Multiple
|
SQL
|
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.
Multiple SQL injection vulnerabilities in Advan
vulnerabilities
|
injection
|
Advanced
|
Multiple
|
Poll
|
SQL
|
Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616.
Till Gerken phpPolls 1.0.3 allows remote attack
phpPolls
|
Gerken
|
Till
|
Till Gerken phpPolls 1.0.3 allows remote attackers to create a new poll via a direct request to phpPollAdmin.php3 with the poll_action parameter set to create.
SQL injection vulnerability in top.php in X-Scr
vulnerability
|
X-Scripts
|
injection
|
probably
|
X-Poll
|
topphp
|
SQL
|
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
inclusion
|
attackers
|
arbitrary
|
parameter
|
SITE_Path
|
Multiple
|
execute
|
circeOS
|
SaveWeb
|
remote
|
Portal
|
allow
|
code
|
file
|
PHP
|
via
|
URL
|
Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. NOTE: the menu_dx.php vector is already covered by CVE-2005-2687.
(1) Amazing Little Poll and (2) Amazing Little
(1) Amazing Little Poll and (2) Amazing Little Picture Poll have a default password of "dsapoll", which allows remote attackers to create a new poll by entering default credentials via lp_admin.php.
(1) Amazing Little Poll and (2) Amazing Little
(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).
SQL injection vulnerability in default1.asp in
vulnerability
|
default1asp
|
ASPPortal
|
injection
|
SQL
|
SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
inclusion
|
Multiple
|
Creator
|
remote
|
Poll
|
file
|
PHP
|
Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator (phpPC) 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter to (1) poll.php, (2) poll_kommentar.php, and (3) poll_sm.php, different vectors and version than CVE-2005-1755.
Eval injection vulnerability in poll_frame.php
vulnerability
|
poll_framephp
|
CVE-2005-4632
|
arbitrary
|
parameter
|
attackers
|
injection
|
different
|
possibly
|
function
|
supplied
|
poll_id
|
execute
|
scripts
|
allows
|
remote
|
other
|
which
|
type
|
Vote
|
Eval
|
than
|
code
|
call
|
via
|
Pro
|
Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.
Multiple eval injection vulnerabilities in Vote
vulnerabilities
|
CVE-2007-0504
|
unspecified
|
attackers
|
arbitrary
|
parameter
|
different
|
injection
|
supplied
|
requests
|
possibly
|
Multiple
|
function
|
vectors
|
poll_id
|
scripts
|
earlier
|
execute
|
remote
|
allow
|
calls
|
which
|
code
|
than
|
eval
|
Vote
|
set
|
Pro
|
via
|
PHP
|
Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) f, (3) quote, and (4) act parameters to cp.php; the (5) u parameter to user.php; the (6) f parameter to post.php; the (7) s parameter to topic.php; the (8) quote, (9) t, (10) poll, and (11) p parameters to post.php; the (12) Message Title field of a private message (PM) in mode 6 of cp.php; the (13) title field of a private message (PM) in mode 7 of cp.php; and (14) allow user-assisted remote attackers to inject arbitrary web script or HTML via a dosearch action to search.php, which reflects the first lines of all posts by a user. NOTE: the act parameter to help.php and the p parameter to report.php are already covered by CVE-2006-4708. NOTE: vectors 12 and 13 might overlap CVE-2006-6283.1. NOTE: vector 14 might overlap CVE-2006-4708.b.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
iziContents
|
gsLanguage
|
attackers
|
inclusion
|
parameter
|
arbitrary
|
Multiple
|
execute
|
earlier
|
remote
|
allow
|
code
|
file
|
RC6
|
PHP
|
via
|
URL
|
Multiple PHP remote file inclusion vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the gsLanguage parameter to (1) search/search.php, (2) poll/inlinepoll.php, (3) poll/showpoll.php, (4) links/showlinks.php, or (5) links/submit_links.php in modules/.
Multiple directory traversal vulnerabilities in
vulnerabilities
|
iziContents
|
arbitrary
|
attackers
|
traversal
|
directory
|
Multiple
|
include
|
execute
|
earlier
|
remote
|
files
|
local
|
allow
|
via
|
RC6
|
Multiple directory traversal vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php.
Software vulnerabilities results 1 to 20 of 1061
Page:
1
2
3
4
5
...
54
►