14 matches found
EUVD-2015-2089
Malware in sbrugna...
CVE-2021-25048
The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them...
KingComposer <= 2.9.6 - Subscriber+ Stored Cross-Site Scripting
The plugin does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them. PoC: Create profile: fetch("https://example.com/wp-admin/admin-ajax.php?action=kccreateprofile",...
CVE-2014-9618
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL...
Authentication flaw
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL...
CVE-2014-9618
The CVE-2014-9618 vulnerability affects Netsweeper’s Client Filter Admin portal (versions before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2). It allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL. Public sou...
CVE-2015-1984
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force...
Design/Logic Flaw
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force...
CVE-2015-1984
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force...
CVE-2005-4286
Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php...
CVE-2005-4286
Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php...
CVE-2005-4286
The CVE-2005-4286 entry concerns PhpLogCon prior to 1.2.2. It describes an unspecified vulnerability that could allow remote attackers to use arbitrary profiles via unknown vectors, likely stemming from an SQL injection in submit.php affecting the pass and usr parameters. The available documents ...
CVE-2005-2257
PhpSlash 0.8.0 is affected by a vulnerability in the saveProfile function that allows remote attackers to modify arbitrary profiles and gain privileges by changing the author_id parameter. The available sources (CVE/NVD) describe the flaw and its impact as complete confidentiality, integrity, and...
CVE-2005-2257
The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter...