Lucene search
+L

326 matches found

Hacker One
Hacker One
added 2017/12/24 7:25 a.m.47 views

Unikrn: [unikrn.com] Profile updated with error":true,"success":false"

Greetings, We noticed that even if the https://unikrn.com/apiv2/user/updateprofile gave an answer that the code is on error , the post is proceeded : PoC : -- curl 'https://unikrn.com/apiv2/user/updateprofile' -XPOST -H 'Referer: https://unikrn.com/profile' -H 'Content-Type: application/json' -H...

7.3AI score
Exploits0
Atlassian
Atlassian
added 2017/09/28 9:47 p.m.26 views

Email address is not validated when updating user profile

On the view profile page /secure/ViewProfile.jspa it's possible to update your user profile /secure/EditProfile!default.jspa?username=admin to an invalid email address. See attached screenshots. !Screen Shot 2017-09-28 at 2.49.48 PM.png|thumbnail! !Screen Shot 2017-09-28 at 2.49.58...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/09/28 9:47 p.m.24 views

Email address is not validated when updating user profile

On the view profile page /secure/ViewProfile.jspa it's possible to update your user profile /secure/EditProfile!default.jspa?username=admin to an invalid email address. See attached screenshots. !Screen Shot 2017-09-28 at 2.49.48 PM.png|thumbnail! !Screen Shot 2017-09-28 at 2.49.58...

1.5AI score
Exploits0
Exploit DB
Exploit DB
added 2017/09/26 12:0 a.m.26 views

TicketPlus - Arbitrary File Upload

Exploit Title: TicketPlus - Support Ticket Management System - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://teamworktec.com/ Software Link: https://codecanyon.net/item/ticketplus-support-ticket-management-system/20221316 Demo: http://sportsgrand.com/demo/ticketplus/...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2016/03/28 5:32 p.m.27 views

Uber: SMS Flood with Update Profile

SMS will send when user update the profile and keep updating the user profile will result in keep sending the SMS, Step to reproduce 1. Login to https://riders.uber.com 2. Go to https://riders.uber.com/profile 3. Update the Account Information, any field for Example FirstName 4. A SMS wil be...

6.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2016/01/20 11:33 a.m.9 views

change.org XSS vulnerability

Vulnerable URL: https://www.change.org/en-GB/profile/updateprofile Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 630 Google Pagerank| 7 VIP website status:| Yes Check change.org S...

6.3AI score
Exploits0
seebug.org
seebug.org
added 2015/09/24 12:0 a.m.17 views

ZeusCart 4.0 - CSRF 漏洞

No description provided by source. document.myform.submit;...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2012/12/18 12:0 a.m.20 views

MyBB Xbox Live ID Cross Site Scripting

Exploit Title: Xbox Live ID MyBB Plugin Stored XSS Date: 13/12/2012 Exploit Author: limb0 Vendor Homepage: http://www.leveleando.com Software Link: http://mods.mybb.com/view/profile-xbox-live-id Version: 1.0 Category:Web Security Tested on: Linux...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2011/07/08 12:0 a.m.40 views

Ubuntu: Security Advisory (USN-1165-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS6.5AI score0.01903EPSS
Exploits0References2
exploitpack
exploitpack
added 2008/12/29 12:0 a.m.11 views

TaskDriver 1.3 - Remote Change Admin Password

TaskDriver 1.3 - Remote Change Admin Password \n\n", $argv0; exit; list$script, $target, $pass = $argv; $xpl = curlinit; curlsetoptarray$xpl, array CURLOPTURL = "$target/profileedit.php", CURLOPTCOOKIE = "auth=fook!admin", CURLOPTRETURNTRANSFER = true, CURLOPTPOST = t...

0.2AI score
Exploits0
Prion
Prion
added 2008/04/25 6:5 a.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the profile update feature in Akiva WebBoard 8.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in the form field. NOTE: the provenance of this information is unknown; the details are obtained solely from...

3.5CVSS5.5AI score0.00833EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2008/04/24 7:0 p.m.47 views

CVE-2008-1941

CVE-2008-1941 describes a cross-site scripting (XSS) vulnerability in the profile update feature of Akiva WebBoard 8.0. The issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in the update form field, due to inadequate input handling. The affect...

3.5CVSS5.1AI score0.00833EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2007/12/04 6:46 p.m.20 views

CVE-2007-6237

cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than...

9CVSS6.3AI score0.02739EPSS
Exploits0References4
CVE
CVE
added 2007/12/04 6:0 p.m.51 views

CVE-2007-6237

cp.php in DeluxeBB 1.09 fails to verify that the membercookie matches the authenticated member during profile updates, enabling remote authenticated users to change e-mails for arbitrary accounts via a modified membercookie parameter (a different vector than CVE-2006-4078). This can be leveraged ...

9CVSS6.3AI score0.02739EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2007/11/30 12:0 a.m.41 views

CVE-2007-6174

CVE-2007-6174 affects PHPDevShell prior to 0.7.0. The vuln allows remote authenticated users to escalate privileges by sending a crafted request to update a user profile, leading to complete confidentiality, integrity, and availability impact as per CVSS metrics (base score 8.5, HIGH). Root cause...

8.5CVSS6.5AI score0.01476EPSS
Exploits0References4Affected Software1
0day.today
0day.today
added 2007/11/26 12:0 a.m.20 views

DeluxeBB <= 1.09 Remote Admin Email Change Exploit

Exploit for unknown platform in category web applications ================================================== DeluxeBB unbufferedquery"UPDATE ".$prefix."users SET email='$xemail', msn='$xmsn', icq='$xicq', ... WHERE username='$membercookie'"; So, editing cookie "membercookie" you can change remote...

7.1AI score
Exploits0
NVD
NVD
added 2006/12/29 11:28 a.m.19 views

CVE-2006-6820

myprofile.asp in Enthrallweb eCoupons does not properly validate the MMrecordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MMrecordId parameter...

3.5CVSS6.2AI score0.01662EPSS
Exploits0References4
CVE
CVE
added 2006/12/29 11:0 a.m.52 views

CVE-2006-6821

The CVE concerns Enthrallweb eNews: myprofile.asp fails to validate MM_recordId during profile updates, allowing remote authenticated users to change certain fields of another account by supplying that account’s username in MM_recordId. No remediation details are provided in the supplied documents.

3.5CVSS6.5AI score0.01662EPSS
Exploits0References4Affected Software1
Exploit DB
Exploit DB
added 2006/12/23 12:0 a.m.40 views

Enthrallweb eNews 1.0 - Remote User Pass Change

User Id: PASSWORD: FIRST: LAST:...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2006/07/13 9:0 p.m.19 views

CVE-2006-3135

Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the 1 newsid parameter in the a news module, 2 searchstring parameter in b the search module, 3 id parameter in c the webshop module, 4...

8.5AI score0.01859EPSS
Exploits1References10
Rows per page
Query Builder