CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

176 matches found

seebug.org•added 2014/07/01 12:0 a.m.•61 views

XMB Forum 1.6 Magic Lantern Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/4721/info XMB Forum 1.6 Magic Lantern is a web-based discussion forum. It is vulnerable to a number of cross-site scripting issues because of improper filtering of user input. 1. The first involves 'member.php'; submittin...

seebug.org•added 2014/07/01 12:0 a.m.•12 views

4images 1.7.1 member.php sessionid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/17748/info 4Images is prone to multiple, unspecified SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successf...

seebug.org•added 2014/07/01 12:0 a.m.•83 views

OpenBB 1.0.x member.php redirect Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. The SQL issues may...

seebug.org•added 2014/07/01 12:0 a.m.•19 views

MyPHP Forum <= 3.0 (Final) Multiple SQL Injection Vulnerabilities

No description provided by source. Name : MyPHP Forum = 3.0 Final Multiple Remote SQL Injection Vulnerability Author : x0kster Email : [email protected] Site : ihteam.net Script Download : http://www.myphp.ws/ Date : 31/12/2007 Dork : Powered by: MyPHP Forum Note: For work, magicquotesgpc must be...

seebug.org•added 2014/07/01 12:0 a.m.•14 views

4homepages 4images 1.7 Member.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17625/info 4images is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...

seebug.org•added 2014/07/01 12:0 a.m.•21 views

OpenBB 1.0/1.1 Member.PHP Remote SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7405/info It has been reported that OpenBB does not properly check input passed via the 'member.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the...

seebug.org•added 2014/07/01 12:0 a.m.•18 views

Oxygen2PHP <= 1.1.3 (member.php) SQL Injection Exploit

No description provided by source. !/usr/bin/perl 0-Day Oxygen2PHP = 1.1.3 member.php Remote SQL Injection Exploit Coded By Dante90, WaRWolFz Crew Bug Discovered By: Dante90, WaRWolFz Crew use LWP::UserAgent; use HTTP::Cookies; use strict; my $UserName = shift or usage; my $HostName =...

seebug.org•added 2014/07/01 12:0 a.m.•24 views

FlashGameScript <= 1.7 (user) Remote SQL Injection Vulnerability

No description provided by source. FlashGameScript = 1.7 member.php$user SQL-Injection Exploit Vulnrability Discovered By: Xenduer77 ---July 7th, 2007 $user Is passed straight to the query without being filtered. SQL-INJECTION: For Version 1.7: -------...

seebug.org•added 2014/05/14 12:0 a.m.•17 views

PHPMyWind 4.6.6 /member.php SQL注入漏洞

No description provided by source...

seebug.org•added 2014/05/09 12:0 a.m.•17 views

PHPMYWIND V5.0 Sql Injection 两处。

简要描述：看到更新了我再来看看。一个文件中。详细说明：在member.php中 else if$a == 'savefavorite' $aid = isset$aid ? intval$aid : ''; $molds = isset$molds ? intval$molds : ''; $link = isset$SERVER'HTTPREFERER' ? htmlspecialchars$SERVER'HTTPREFERER' : ''; if$aid == '' or $molds == '' or $link == ''...

seebug.org•added 2014/04/16 12:0 a.m.•25 views

PHPMyWind任意用户密码重置

简要描述： PHPMyWind任意用户密码重置详细说明： phpmywind 4.6.6 在忘记密码，重置密码时，虽然后安全问题限制，但是在最后修改密码，update时，存在设计缺陷导致可轻松重置任意用户密码。文件member.php 在重置密码前有验证问题： //找回密码 else if$a == 'quesfind' if!isset$POST'uname' header'location:?c=findpwd'; exit; //验证输入数据 if$question == '-1' or $answer == '' header'location:?c=findpwd';...

seebug.org•added 2014/03/03 12:0 a.m.•191 views

phpmpsSQL注入漏洞之2

简要描述：过滤不严。详细说明：在member.php中 case 'delcom': $comid = trim$REQUEST'id'; $sql = "select userid from $tablecom where comid='$comid' "; $comuserid = $db-getOne$sql; if$comuserid!=$useridshowmsg'此信息不是您发布的，您不能修改'; $sql = "SELECT thumb FROM $tablecom WHERE comid IN $comid"; $image = $db-getOne$sql;...

seebug.org•added 2014/02/25 12:0 a.m.•21 views

phpmps 注入一枚

简要描述：过滤不严。详细说明：在member.php case 'checkinfogold': $json = new ServicesJSON; extract$REQUEST; $mgold = $db-getOne"select gold from $tablemember where userid='$userid' "; $data'kou' = $CFG'infotopgold' intval$number; $data'gold' = $mgold - $data'kou'; $data=$json-encode$data; echo $data; break;...

seebug.org•added 2013/12/06 12:0 a.m.•8 views

phpmps 2.3 /Member.php SQL注入漏洞

No description provided by source...

myhack58•added 2013/11/19 12:0 a.m.•19 views

phpmps_v2. 3 the latest version of the two SQL injection vulnerabilities-vulnerability warning-the black bar safety net

Brief description: PHPMPS on user-submitted parameters improper handling, leading to multipleSQL injectionvulnerabilities. Detailed description: member.php 4 2 2 - 4 5 5 ============================================================================================ case 'exchange': $units =...

myhack58•added 2013/08/19 12:0 a.m.•23 views

shopex ctl. member. php file SQL injection vulnerability-vulnerability warning-the black bar safety net

Issql injectionvulnerability testing version: shopex-singel-4.8.5.78660 File:\core\shop\controller\ctl.member.php function delTrackMsg if! empty$POST'deltrack' $oMsg = &$this-system-loadModel'resources/msgbox'; $oMsg-delTrackMsg$POST'deltrack'; $this-splash'success',...

ATTACKERKB•added 2012/08/31 9:55 p.m.•1 views

CVE-2011-5138

Cross-site scripting XSS vulnerability in member.php in tForum b0.915 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a viewprofile action...

4.3CVSS5.7AI score0.00225EPSS

Exploits1References3

seebug.org•added 2012/06/06 12:0 a.m.•7 views

MyBB version 1.6.8 suffers from a remote SQL injection vulnerability

No description provided by source. Exploit Title: MyBB 1.6.8 Sql Injection Vulnerability Exploit Author: Mr.XpR Tested on: BackTrack Script Site : http://mybb.com MAil : No0PMatyahoodotcom -====Dork====- inurl:member.php?action=profile&uid= inurl:action=profile&uid=27 -====Exploit====-...

myhack58•added 2011/07/25 12:0 a.m.•12 views

phpcms2008-0day & phpcms 2 0 0 7 GBK version 0day injection scan script-vulnerability warning-the black bar safety net

Affected program: phpcms2008 gbk Vulnerability file: ask/searchajax.php code: ? php require './ include/common.inc.php'; requireonce MODROOT.'include/ask.class.php'; $ask = new ask; header'Content-type: text/html; charset=utf-8'; ifvia strtolowerCHARSET != 'utf-8' $q = iconvCHARSET, 'utf-8', $q;...

NVD•added 2011/04/07 2:23 p.m.•8 views

CVE-2010-4784

Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters...

6.8CVSS8.7AI score0.0187EPSS

Exploits1References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by