59 matches found
Cross site request forgery (csrf)
Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password...
info-congres.com XSS vulnerability
Vulnerable URL: http://www.info-congres.com/account.php

Details:

Description | Value
---|---
Patched: | Verification in progress
Latest check for patch: | 05.11.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
VIP website status: | No

Check...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 Rev 4701 allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php...
CVE-2014-9522
Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 Rev 4701 allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php...
CVE-2014-4744
Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php...
PHP Form & Survey Creator CSRF Vulnerability
Exploit for php platform in category web applications. Exploit Title: PHP Form & Survey Creator CSRF. Author: Jonturk75. Vendor or Software Link: http://www.scripts.com/viewscript/php-form-survey-creator/29396/ Category: webapps. Demo: http://web.alumnionline.org/phpScripts/PHPFormCreator/admin/...
CVE-2009-4686
Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the red_url parameter...
CVE-2009-4686
The CVE-2009-4686 entry describes a Cross-site scripting (XSS) vulnerability in the phplemon AdQuick 2.2.1 software, specifically in account.php where the red_url parameter can be exploited to inject arbitrary web script or HTML. Affected component: account.php. Root cause: insufficient input val...
AdQuick - account.php Cross-Site Scripting
AdQuick - account.php Cross-Site Scripting source: https://www.securityfocus.com/bid/43477/info AdQuick is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
AdQuick - 'account.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/43477/info AdQuick is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Cross site scripting
Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-6396
Cross-site scripting (XSS) vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information...
CeleronDude Uploader 6.1 - account.php Cross-Site Scripting
CeleronDude Uploader 6.1 - account.php Cross-Site Scripting source: https://www.securityfocus.com/bid/31010/info Celerondude Uploader is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
CVE-2008-3874
Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label == Value pairs). NOTE: some of these details are obtained from third party information...
CVE-2008-3874
CVE-2008-3874 describes a cross-site scripting (XSS) vulnerability in the Vanilla forum software. Affected product/version: Vanilla 1.1.5-rc1, 1.1.4, and earlier; vulnerable component: the file account.php. The underlying issue is an XSS flaw that allows remote authenticated users to inject arbi...
Directory traversal
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/eventsapplicationtop.php; (2) english/account.php, (3) french/account.php, a...
CVE-2008-3758
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture...
CVE-2007-5062
The CVE-2007-5062 entry relates to the Flip 3.0 (and earlier) web application by Adam Scheinberg, where the vulnerable component is account.php. The underlying issue allows remote attackers to create administrative accounts via the un parameter in a register action, enabling privilege escalation ...