Microsoft Internet Connection Signup Wizard DLL Hijacking Exploit (smmscrpt.dll)

No description provided by source. Greetz to :b0nd, Fbih2s,r45c4l,Charles ,j4ckh4x0r, punter,eberly, Charles , Dinesh Arora Site : www.BeenuArora.com / Exploit Title: Microsoft Internet Connection Signup Wizard DLL Hijacking Date: 25/08/2010 Author: Beenu Arora Tested on: Windows XP SP3 Vulnerabl...

Pre Classified Listings SQL Injection Vulnerability

No description provided by source. ================================================================= Pre Classified Listings Remote SQL Injection Vulnerability ================================================================= Author: Crux Homepage: http://hack-tech.com Date: 2-27-2010 Software...

Real Estate SQL Injection Vulnerability

No description provided by source. Description Linux And window Version available: This software is available in both windows and linux version. It runs on asp and php extension. Listings: We can add unlimited property listing, with the property photo. System automatically creates three thumbnail...

Social Engine 4.2.5 - Multiple Vulnerabilities

No description provided by source. Title: ====== Social Engine v4.2.5 - Multiple Web Vulnerabilities Date: ===== 2012-07-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=672 VL-ID: ===== 672 Common Vulnerability Scoring System: ==================================== 3...

CVE-2014-4187

Cross-site scripting XSS vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field...

CVE-2014-4187

Cross-site scripting XSS vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field...

Domain restricted signup is creating enabled users on ApacheDS

When a user signs up to a Confluence instance that has domain restricted sign up enabled, they are normally created as disabled users and are unable to login. However, when the underlying user directory does not support disabling users, such as ApacheDS 1.5, then the user ends up being created as...

PT-2014-5637 · WordPress · Participants Database

Name of the Vulnerable Software and Affected Versions: Participants Database plugin versions prior to 1.5.4.9 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the query parameter in an "output CSV" action to the "pdb-signup/" endpoint...

Factlink: Meta characters not filtered on signup

You have not filtered control meta characters such as %00 etc on the sign up which allows an attacker to impersonate or hide their real identity within the application...

Factlink: Sign up CSRF

Any user can be forced to sign up and presented with a home dash board . here is the csrf Save this any name.html and then double clik you will be presented as home panel authentication token is there but that is not preventing csrf issue . Remediation : Use CSRF token . Thanks CKN...

OkCupid: Reflected XSS on www.okcupid.com/signup

Reflected XSS on www.okcupid.com/signup Im using Live HTTP Header for this bug. 1 Go to https://www.okcupid.com/signup 2 Click on continue 3 Enter details 4 Live HTTP Headers or any HTTP Editor should be running before clicking "Next" button. 5 Edit the following POST Headers : Host:...

Localize: A Serious Bug on SIGNUP Process!

Hello, I found a bug on your registration/Sign UP process.. You should fix this one soon as Possible! With This bug, Attacker will able to create thousands of ID's on you application.. POC ------ it can be done in three 3 ways.. 1 By CSRF .. Copy You Registration FORM source only form code is...

Localize: XSS in Localize.io

During signup I used " as my password.Just after pressing sign up I was forwarded to a new page,where that page was showing my username and asked to click to view my password.When I clicked the javascript executed. Attachment: xss.png...

OkCupid: Xss high issue in www.okcupid.com main domain in users signup page

Xss high issue in www.okcupid.com main domain in users signup page Poc url : you can use any url below for reproduce xss issue https://www.okcupid.com/signup?nextpage=%2Fsignup%2Fpaths%2Fsplashnewinga%2F3.html4ee57alert"xss by...

Sql injection

Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 fbuserid or 2 twuserid parameter to signup...

CVE-2013-5354

Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 fbuserid or 2 twuserid parameter to signup...

CVE-2013-4951

Multiple cross-site scripting XSS vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 pass parameter in views/login.php or 3 name or 4 pass parameter in views/signup.php...

CVE-2013-4951

Multiple cross-site scripting XSS vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 pass parameter in views/login.php or 3 name or 4 pass parameter in views/signup.php...

Vulnerability in Facebook discloses Primary Email Address of any account

When you sign up on Facebook, you have to enter an email address and that email address becomes your primary email address on Facebook. In a recent disclosure by a Security researcher, Stephen Sclafani - The Social Networking site Facebook was vulnerable to disclosure of primary email address of...

Sharetronix 3.0.1 Cross Site Scripting

Exploit Title : xss signup sharetronix Designed By : amir.av727 Author : Ashiyane Digital Security Team Home : http://ashiyane.org Software Link : http://sharetronix.com Security Risk : High - xss Version : sharetronix 3.0.1 Exploit : 1-site.com/signup 2 . Copy "alert/Hacked By amir.av727/ In the...