376 matches found
CVE-2008-7089
Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors...
CVE-2008-7089
Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors...
CVE-2008-6966
AJ Square AJ Auction Pro Platinum Skin 1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php...
Authentication flaw
AJ Square AJ Auction Pro Platinum Skin 1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php...
CVE-2009-2230
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter...
CVE-2009-2230
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter...
CVE-2009-2133
Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 and 1.40.7 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) sort parameter to pivot/index.php, (3) the value of a check array parameter in a delete action to pivot/index.php, (4) the element name in a...
Gallarific (user.php) Arbitrary Change Admin Information Exploit
No description provided by source. titre gallarific exploit /titre body bgcolor="000000" div id="content" h2font color="FFFFFF"change password /font/h2 form enctype="multipart/form-data" action="http://www.gallarific.com/demo/gadmin/users.php?task=edit&id=13" method="post" onsubmit="return...
Gallarific (user.php) Arbitrary Change Admin Information Exploit
Exploit for unknown platform in category web applications =============================================================== Gallarific user.php Arbirary Change Admin Information Exploit =============================================================== gallarific exploit change password Founder : Emai...
Gallarific - 'user.php' Arbitrary Change Admin Information
gallarific exploit change password Founder : Email: Script: HOME hhttp://www.gallarific.com/ Note:after change password go to login in control admin...
SQL injection
SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action...
CVE-2009-1622
SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action...
CVE-2009-1622
CVE-2009-1622 affects EcShop 2.5.0, where the order_query action in user.php is vulnerable to SQL injection via the order_sn parameter. Remote attackers could potentially execute arbitrary SQL commands due to insufficient input validation. The connected sources (NVD and CVE records) confirm the a...
CVE-2009-1489
includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter...
CVE-2009-1489
includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter...
ECShop 2.5.0 (order_sn) Remote SQL Injection Vulnerability
A SQL injection vulnerability exists in user.php of ecshop 2.5.0. user.php, line 2176: else if ($action == 'order_query') { $order_sn = empty($_GET['order_sn']) ? '' : trim(substr($_GET['order_sn'], 1)); include_once(ROOT_PATH .'includes/cls_json.php'); $json = new JSON; $result = array('error'=>0, 'message'=>'', 'content'=>''); if(isset($_SESSION['last_order_query'])) { if(tim...
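CS-Cart 'core/user.php' SQL Injection Vulnerability
BUGTRAQ ID: 30979 CNCAN ID: CNCAN-2008090301 CS-Cart is a PHP-based web application. CS-Cart does not properly handle user-supplied input, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and may obtain sensitive information or manipulate the database. The problem is that the 'core/user.php' script does not filter user-supplied web parameters; a malicious SQL query supplied as parameter data can change the original SQL logic, exposing sensitive information or allowing the database to be manipulated. CS-Cart 1.3.5 Contact the vendor for patch information: http://www.cs-cart.com/...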
CS-Cart <= 1.3.5 SQL Injection
GulfTech Security Research September 02, 2008 Vendor : CS-Cart.com URL : http://www.cs-cart.com/ Version : CS-Cart <= 1.3.5 Risk : SQL Injection Description: CS-Cart Cart is a full featured online ecommerce application written in php that allows users to build, run and promote an online store. The...
Multiple vulnerabilities in Envolution
Hello 3APA3A! I am reporting to you the multiple vulnerabilities I have found in the Envolution system, in particular Insufficient Anti-automation and Cross-Site Scripting. Insufficient Anti-automation: A vulnerability in user.php in the NS-NewUser module...