262 matches found
Mihalism Multi Host - users.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/55237/info Mihalism Multi Host is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...
CVE-2012-2236
PHP Gift Registry 1.5.5 is vulnerable to a SQL injection in users.php (userid parameter in the edit action). The issue allows remote authenticated users to execute arbitrary SQL commands. This is caused by unsafely concatenated input in the edit workflow, enabling database command execution. The ...
PHP Gift Registry 1.5.5 - SQL Injection
Exploit Title: PHP Gift Registry 1.5.5 SQL Injection Date: 02/22/12 Author: G13 Software Link: https://sourceforge.net/projects/phpgiftreg/ Version: 1.5.5 Category: webapps php Vulnerability The userid parameter in the users.php file is vulnerable to SQL...
PHP Gift Registry 1.5.5 - SQL Injection
Exploit Title: PHP Gift Registry 1.5.5 SQL Injection Date: 02/22/12 Author: G13 Software Link: https://sourceforge.net/projects/phpgiftreg/ Version: 1.5.5 Category: webapps php Vulnerability The userid parameter in the users.php file is vulnerable to SQL Injection. A user must be signed in to...
CVE-2011-4920
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to (1) e107images/thumb.php or (2) rate.php, (3) resendname parameter to e107admin/users.php, and (4) link BBCode in user signatures...
CVE-2011-4669
The CVE-2011-4669 entry concerns a SQL injection in the WordPress Users plugin (wp-users.php) version 1.3 and potentially earlier. The vulnerability allows remote attackers to inject arbitrary SQL via the uid parameter to index.php, enabling unauthorized database operations. Root cause is imprope...
CVE-2010-4874
CVE-2010-4874 affects NinkoBB 1.3 RC5. Multiple XSS flaws in users.php allow injection of arbitrary script/HTML via parameters first_name, last_name, msn, and aim due to input sanitation error. This enables a remote attacker to execute scripts in a victim’s browser in the context of the vulnerabl...
CVE-2010-4874
Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) msn, or (4) aim parameter...
glFusion 1.1.x/1.2.1 - 'users.php' SQL Injection
source: https://www.securityfocus.com/bid/46575/info glFusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data...
Greeklog CMS Blind SQL Injection
Title: Greeklog CMS Blind Sql Injection Vulnerability Dork:"Powered By Greeklog" Vulnerable Page : users.php?mode=Blind Sqli Author: H3X Credit: Sepehr Security Team Site :WWW.Sepehr-Team.Org Date:2011/2/22...
Nagios XI - 'users.php' SQL Injection
source: https://www.securityfocus.com/bid/42661/info Nagios XI is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
CVE-2010-0636
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the (1) tab parameter to users.php and the PATHINFO to (2) day.php, (3) month.php, and (4) week.php. NOTE: some of these details are...
PT-2009-6570 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions 1.4.10 and earlier Description: The issue allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters when changing the user avatar fr...
Phorum Cross Site Scripting / Request Forgery
cicatriz advisories: Phorum 5.2.10 Cross-Site Scripting/Request Forgery. Advisory & Vulnerability Information: Title: Phorum 5.2.10 Cross-Site Scripting/Request Forgery Advisory ID: VUDO-2009-1504 Advisory URL: http://research.voodoo-labs.org/advisories/...
CVE-2009-0324
Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php...
Sql injection
Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php...
Wordpress 2.7.0 admin remote code execution vulnerability-vulnerability warning-the black bar safety net
by Ryatpuretot mail: puretot at gmail dot com team: http://www.80vul.com date: 2008-12-18 Analysis: This vulnerability out in the background: wp-admin/post.php if currentusercan'editpost', $postID if $last = wpcheckpostlock $post-ID $lastuser = getuserdata $last ; $lastusername = $lastuser ?...
CVE-2008-5434
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) orderby or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php...
Sql injection
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) orderby or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php...
CVE-2008-5434
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) orderby or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php...