MODX Revolution allows XSS through extended user fields
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as a Container name or Attribute name...
CVE-2020-35720
Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the...
PT-2020-14592 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.9.19 and earlier Description: An issue was discovered where internal read-only fields in the User table class could be modified by users. Recommendations: For Joomla! versions 3.9.19 and earlier, update to a version that...
curl: NTLM buffer overflow via integer overflow
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields...
ALPINE-CVE-2017-8816
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields...
Digium Asterisk Open Source Buffer Overflow Vulnerability
Digium Asterisk Open Source and Certified Asterisk are open source telephone switch (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, Interactive Voice Response (IVR) and more. A buffer overflow vulnerability exists in Digium Asterisk Open Source...
UBUNTU-CVE-2016-1912
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php...
Google Shopping site-building system injection vulnerability - vulnerability warning - the black bar safety net
Find an injection point: http://www.xxx.com/DiaryA.asp?UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389. Out of habit, append ' having 1=1--: http://www.xxx.com.tw/DiaryA.asp?UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389' having 1=1-- ! It exposed DiaryA.dlTitle (very excited at this point). Then continu...
CVE-2009-1409
SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320...
CVE-2009-1409
The CVE-2009-1409 entry describes an SQL injection in e107 (versions 0.7.15 and earlier) affecting usersettings.php when Extended User Fields is enabled and magic_quotes_gpc is disabled. An attacker can craft the hide parameter to execute arbitrary SQL commands remotely. The description spe...
e107 0.7.15 - extended_user_fields Blind SQL Injection
e107 0.7.15 - extended_user_fields Blind SQL Injection #!/usr/bin/env perl e107 db_Update("user_extended", $ue_fields." WHERE user_extended_id = '".intval($inp)."'"); the ue POST variable needs a valid key such as "aim", "msn" or other user_extended_fields @fields array. Fix this sql injection using php function...
PHP Classifieds 6.20 - Multiple Cross-Site Scripting and Authentication Bypass Vulnerabilities
PHP Classifieds 6.20 - Multiple Cross-Site Scripting and Authentication Bypass Vulnerabilities source: https://www.securityfocus.com/bid/28521/info PHP Classifieds is prone to multiple cross-site scripting vulnerabilities and an authentication-bypass vulnerability. An attacker may leverage these issu...
CVE-2004-2138
Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScripts MySQLGuest allows remote attackers to inject arbitrary HTML and PHP code via the (1) Name, (2) Email, (3) Homepage or (4) Comments field...
PHP-Nuke 7.1 Recommend_Us Module - 'fname' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9879/info It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname', 'fname', 'ratenum', and 'search'...
CVE-2003-1031
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."...
CVE-2002-0730
Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute JavaScript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage...