376 matches found
SQL injection
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2011-5168
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...
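HDWiKi V5.1 blind injection and XSS
Brief description: After being put through its paces by the experts before me, HDWiki has become more and more secure, and a novice like me could only find a few blind injections and XSS. PS: please don't ignore this. PSS: the vulnerability is mine, the rank is Jianxin's, so..... you understand. Detailed description: After being put through its paces by the experts before me, it has become more and more secure; GET has a pile of keywords filtered out indiscriminately, so GET injection is pretty much impossible, which is why I only looked at POST 1 control/user.php 177 function doaegis 178 $id=$this-post'id'; //vulnerable 179 ifempty$id 180 $this-message-1,'',2; 181 182...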
CVE-2012-0792
mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts...
CVE-2011-4308
mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors...
HDWiki 5.1 control-user.php remote password change vulnerability
No description provided by source...
[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0
waraxe-2012-SA080 - Multiple Vulnerabilities in NextBBS 0.6.0 =============================================================================== Author: Janek Vind "waraxe" Date: 27. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-80.html Description of vulnerable software:...
NextBBS 0.6.0 Authentication Bypass / SQL Injection / XSS
waraxe-2012-SA080 - Multiple Vulnerabilities in NextBBS 0.6.0 =============================================================================== Author: Janek Vind "waraxe" Date: 27. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-80.html Description of vulnerable software:...
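ecshop (a ShopEx product) cross-site scripting vulnerability
Brief description: Cross-site scripting vulnerability in ecshop. Detailed description: At line 57 of the user.php file in the ecshop root directory, the returned URL is not filtered, as follows: $backact = 'user.php?' . $SERVER'QUERYSTRING'; $SERVER'QUERYSTRING'; is not filtered, that is, whatever the user submits in the URL bar, so JS or HTML code can be inserted and executed. Proof of vulnerability: the URL is as follows: http://www.ecshop.cn/user.php?1'"/1prompt123456789...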
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATHINFO to (2) admin/securityother.php, (3) admin/events.php, or (4) admin/user.php...
Tipask Question Answering System 1.4 upload vulnerability - vulnerability warning - the black bar safety net
user.php the user operation function oneditimg //modify avatar if isset$FILES"Filedata" $uploadtmppath = "data/tmp/"; $fileName = 'bigavatar' . $this-user'uid' . '.' . substr$FILES"Filedata"'name', -3; moveuploadedfile$FILES"Filedata""tmpname", $uploadtmppath . $fileName; //This directly...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) msn, or (4) aim parameter...
CVE-2011-1766
includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an...
Web 2.0 Social Network Freunde Community - SQL Injection
Exploit Title: Web 2.0 Social Network Freunde Community SQL Injection Vulnerability Google Dork: inurl:"user.php?userId=" +site:de Date: 08.02.2011 Author: NoNameMT Software Link: http://www.scripteverkauf.com/products/de/neuheiten/web-20-social-network-freunde-community.html Version: - Price: 79,...
Web 2.0 Social Network Freunde Community - SQL Injection
Web 2.0 Social Network Freunde Community - SQL Injection Exploit Title: Web 2.0 Social Network Freunde Community SQL Injection Vulnerability Google Dork: inurl:"user.php?userId=" +site:de Date: 08.02.2011 Author: NoNameMT Software Link:...
axdcms-0.1.1 Local File Include Vulnerability
Exploit for php platform in category web applications axdcms-0.1.1 === Local File Include Vulnerability Author : n0n0x Homepage: http://priasantai.uni.cc/ Download script : http://biznetnetworks.dl.sourceforge.net/project/axdcms/axdcms/0.1.1/axdcms-0.1.1.zip exploit :...