CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

262 matches found

NVD•added 2017/09/11 8:29 p.m.•14 views

CVE-2015-8354

Cross-site scripting XSS vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the refer parameter to wp-admin/users.php...

6.1CVSS6.2AI score0.00533EPSS

Exploits3References4

CNVD•added 2017/08/24 12:0 a.m.•1 views

Apache2Triad Cross-Site Scripting Vulnerability

Apache2Triad is a server software deployment solution for Windows-based platforms. A cross-site scripting vulnerability exists in Apache2Triad version 1.5.4. A remote attacker can exploit this vulnerability by sending the 'account' parameter to the phpsftpd/users.php file to inject arbitrary web...

6.1CVSS6.2AI score0.02899EPSS

Exploits5References1

OSV•added 2017/08/23 4:29 p.m.•0 views

CVE-2017-12971

Cross-site scripting XSS vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php...

6.1CVSS5.9AI score0.02899EPSS

Exploits5References4

CVE•added 2017/08/23 4:0 p.m.•54 views

CVE-2017-12971

Apache2Triad 1.5.4 has a Persistent Cross-Site Scripting (XSS) vulnerability (CVE-2017-12971) in which an attacker can inject script/HTML via the account parameter to phpsftpd/users.php. The available sources confirm the affected product and vulnerable component (Apache2Triad 1.5.4) and the vulne...

6.1CVSS7AI score0.02899EPSS

Exploits5References4Affected Software1

Cvelist•added 2017/08/23 4:0 p.m.•15 views

CVE-2017-12970

Cross-site request forgery CSRF vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that 1 add or 2 delete user accounts via a request to phpsftpd/users.php...

9.1AI score0.00179EPSS

Exploits5References4

NVD•added 2017/07/27 6:29 a.m.•8 views

CVE-2017-11680

Cross-Site Request Forgery CSRF exists in Hashtopussy 0.4.0, allowing an admin password change via users.php...

8.8CVSS9AI score0.00134EPSS

Exploits1References1

Cvelist•added 2017/07/27 6:0 a.m.•16 views

CVE-2017-11680

Cross-Site Request Forgery CSRF exists in Hashtopussy 0.4.0, allowing an admin password change via users.php...

9AI score0.00134EPSS

Exploits1References1

Prion•added 2017/03/08 11:59 p.m.•5 views

Cross site scripting

Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuhu-master/wwwadmin/users.php id parameter...

4.3CVSS5.9AI score0.0024EPSS

Exploits1References2Affected Software1

Cvelist•added 2017/03/08 11:0 p.m.•6 views

CVE-2017-6544

Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuhu-master/wwwadmin/users.php id parameter...

6AI score0.0024EPSS

Exploits1References2

CVE•added 2017/03/08 11:0 p.m.•34 views

CVE-2017-6544

CVE-2017-6544 affects Gargaj/wuhu (wuhu-master) with a reflected XSS in wuhu-master/www_admin/users.php (id parameter). The vulnerability arises from insufficient input validation on the id parameter, enabling arbitrary script execution in victims’ browsers. Documented in NVD/CVE, CNVD-2017-03837...

6.1CVSS5.9AI score0.0024EPSS

Exploits1References2Affected Software1

CNVD•added 2015/01/14 12:0 a.m.•3 views

WordPress plugin Simple Security '/wp-admin/users.php' has multiple cross-site scripting vulnerabilities

WordPress is a blogging platform developed using the PHP language that allows users to set up their weblogs on servers that support PHP and MySQL databases. The WordPress plugin Simple Security '/wp-admin/users.php' suffers from multiple cross-site scripting vulnerabilities because it fails to...

4.3CVSS6.6AI score0.00239EPSS

Exploits3References1

CVE•added 2015/01/01 11:0 a.m.•54 views

CVE-2011-5300

CVE-2011-5300 affects poMMo Aardvark PR16.1. a CSRF in admin/setup/config/users.php allows remote attackers to hijack administrator authentication by submitting requests that modify credentials via certain admin_ parameters. Root cause is a CSRF in the credential-modification flow. Impact describ...

6.8CVSS7.3AI score0.00121EPSS

Exploits1References1Affected Software1

seebug.org•added 2014/08/29 12:0 a.m.•18 views

oxwall 1.7.0 /users.php 跨站脚本漏洞

No description provided by source...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•12 views

Eggblog 3.1 admin/users.php add Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/21134/info Eggblog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•8 views

Geeklog 1.3.7 users.php uid Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/6602/info Geeklog is prone to a cross-site scripting vulnerability in the 'users.php' script. This issue is due to insufficient sanitization of input submitted in URI parameters. As a result, an attacker may create a...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•16 views

WEBInsta CMS <= 0.3.1 (users.php) Remote File Include Vulnerability

No description provided by source. / Vulnerable product : http://www.webinsta.com/download.html WEBInsta. CMS 0.3.1 Author : Yns - yns.zaxaz.com / Exploit: http://HOST/PATH/modules/usersonline/users.php?moduledir=REMOTEFILE milw0rm.com 2006-08-15...

7.1AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•8 views

Phorum 5.1.20 include/controlcenter/users.php Multiple Method Remote Privilege Escalation

No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...

7.1AI score

Exploits0

Prion•added 2012/11/26 10:55 p.m.•9 views

Cross site scripting

Cross-site scripting XSS vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter...

4.3CVSS6.1AI score0.00642EPSS

Exploits1References3Affected Software1

securityvulns•added 2012/09/02 12:0 a.m.•91 views

Exploit Title: Mihalism Multi Host v 5.0

Exploit Title: Mihalism Multi Host v 5.0 Google Dork: intext:"powered by Mihalism Multi Host" Date: 2012/8/25 Discovered By : Explo!ter Software Link: http://www.mihalismscript.com/ Version: 5.0 Tested on: Linux Contact : Emperor-team.org Spt to : Stokke Details : ++++++++++++++++++++++++++ the...

7.1AI score

Exploits0

Packet Storm•added 2012/08/27 12:0 a.m.•20 views

Mihalism Multi Host 5.0 Cross Site Scripting

7.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by