105 matches found
CVE-2014-4187
CVE-2014-4187 affects ClipBucket: a cross-site scripting (XSS) vulnerability in signup.php, exploitable via the Username field. The underlying issue is improper input handling in the user signup flow, allowing injected scripts/HTML to be executed in the context of affected sessions. The OpenVAS e...
ClipBucket CMS Cross Site Scripting
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) name or (4) pass parameter in views/signup.php...
CVE-2011-5190
Multiple cross-site scripting (XSS) vulnerabilities in Social Book Facebook Clone 2010 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO parameter to (1) signup.php, (2) lostpass.php, (3) login.php, (4) index.php, (5) helptos.php, (6) helpcontact.php, or (7) help.php...
PHPDug 2.0.0 Cross Site Scripting
Unfixed XSS vulnerability at www.new.fm
Security researcher kInGoFcHaOs submitted, on 29/04/2008, a cross-site scripting (XSS) vulnerability affecting www.new.fm, which at the time of submission ranked 93070 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/06/2008. It is currently...
Unfixed XSS vulnerability at www.rapidcounter.com
Security researcher st@rext submitted, on 27/09/2007, a cross-site scripting (XSS) vulnerability affecting www.rapidcounter.com, which at the time of submission ranked 247323 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/10/2007. It is...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFLFILEROOT parameter to (1) admin.php, (2) custompages.php, (3) draft.php, (4) faq.php, (5) leagues.php, (6) livedraft.php, (7) login.php, (8) myteam.php, (9) profile.php, (10)...
CVE-2007-4333
CVE-2007-4333 describes multiple cross-site scripting (XSS) vulnerabilities in signup.php of Article Dashboard. The issue allows remote attackers to inject arbitrary web script or HTML via the parameters f_emailaddress, f_reemailaddress, and other unspecified fields. Connected sources corroborate...
Unrestricted file upload
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg...
e107 <= 0.7.8 (photograph) Arbitrary File Upload Vulnerability
No description provided by source. INFO: Program Title e107 = 0.7.8 - Arbitrary File Upload...
Remote file inclusion
PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file before use...
CVE-2007-1631
CVE-2007-1631 concerns CLBOX 1.01, where the vulnerable file is signup.php and a remote attacker can cause arbitrary PHP code execution via a URL in the header parameter. The underlying cause is described as a PHP remote file inclusion vulnerability, with the header being defined through an inclu...
clbox-rfi.txt
CLBOX = signup.php header Remote File Include Vulnerability Script: CLBOX Version: 1.01 Download: http://clbox.8m.com/clbox.ZIP Discover: BorN To K!LL Bug in: signup.php Code: @include...
CLBOX <= (signup.php header) Remote File Include Vulnerability
CLBOX = signup.php header Remote File Include Vulnerability Script: CLBOX Version: 1.01 Download: http://clbox.8m.com/clbox.ZIP Discover: BorN To K!LL Bug in: signup.php Code: @include...
CVE-2006-4794
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string PATHINFO in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the...
CVE-2006-3963
Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) sitename parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem, or (7) deleteuser parameters to (b) admin.php...
TBE 4.0 XSS
The Banner Engine - tbe4.0 Native Solutions. Cross Site Scripting (XSS): http://target.xx/top.php?action=search&catid=catid&text=3Cscript3Ealert22Ellipsis+Security+Test223C/script3E...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php...
CVE-2006-2140
Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php...