210 matches found
WordPress < 2.8.4 'wp-login.php' 'key' Parameter Remote Administrator Password Reset (uncredentialed check)
According to its version number, the version of WordPress running on the remote server has a flaw in the password reset mechanism. Validation of the secret user activation key can be bypassed by providing an array instead of a string. This allows anyone to reset the password of the first user in...
CVE-2009-2209
SQL injection vulnerability in rscmsmodnewsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter...
SQL injection
SQL injection vulnerability in rscmsmodnewsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter...
CVE-2008-6108
Cross-site scripting (XSS) vulnerability in result.php in Galatolo WebManager (GWM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter...
CVE-2008-4435
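Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php...
Cisco Unified Communications Manager key Parameter SQL Injection Vulnerability
BUGTRAQ ID: 27775 CVECAN ID: CVE-2008-0026 Cisco Unified Communications Manager (CUCM, formerly known as CallManager) is the call-processing component of the Cisco IP telephony solution. The key parameter of CUCM's administrator and user interface pages has a SQL injection vulnerability, which a remote attacker may exploit to obtain sensitive information. An attacker can trigger the SQL injection vulnerability by entering a crafted value in the key parameter of the administrator or user interface pages; the attack can be carried out through the web interface over http or https. A successful attack can terminate the SQL call and force a connection to the back-end database, leading to disclosure of sensitive information such as usernames and password hashes. Cisco...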
CVE-2007-6616
CVE-2007-6616 describes a Cross-site Scripting (XSS) flaw in SimpleForum, exploitable via the searchkey parameter in the search action of simpleforum.cgi. Affected software includes SimpleForum 4.6.2 and earlier releases. The vulnerability allows remote attackers to inject arbitrary web script or...
CVE-2006-5640
SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter...
Techno Dreams Guestbook 1.0 (key) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Techno Dreams Guestbook 1.0 key Remote SQL Injection Vulnerability. Title : Techno Dreams Guestbook v1...
CVE-2006-0546
Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in t...