340 matches found
ZeeCareers 2.x - PHP HR Manager Website (Cross-Site Scripting Authentication Bypass)
ZeeCareers 2.x - PHP HR Manager Website Cross-Site Scripting Authentication Bypass Title: ZeeCareers v2x - PHP HR Manager Website XSS / Auth Bypass Date: 12/12/2009 Author: bi0 Software Link: http://www.zeecareers.com/ Version: 2x CVE : Code : /\ == \ /\ \ /\ \ \ \ \ \ \ \ \ /\ \ \ \ \ \ \ \...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 important parameter to editprofile.php and 2 pid parameter to report.php...
CVE-2009-3359
Multiple cross-site scripting XSS vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 important parameter to editprofile.php and 2 pid parameter to report.php...
4images 1.7.7 Bypass / Cross Site Scripting
|| || | || o,7 || . o7 || q||| o\, : / / . =By: Qabandi =Email: iqaahotmail.fr From Kuwait, PEACE... =Vuln: 4images = 1.7.7 - filter bypass HTML injection/XSS =INFO: =BUY: =DORK: -=/:Conditions:=- --------------------------------------------------------------------------------- ; Magic quotes...
Pre Real Estate Listings File Upload Vulnerability
No description provided by source. Pre Real Estate Listings login.php ByPass /File Upload Script:Pre Real Estate Listings HomePage:http://preproject.com/ Demo:http://preproject.com/ulisting/ Author:BackDoor By Pass Exploit: http://victim.com/scriptpath/login.php username:'or' password:'or' Live...
Gforge <= 4.6 rc1 (skill_edit) SQL Injection Vulnerability
No description provided by source. Gforge = 4.6 rc1 skilledit SQL injection Vendor Notified: 2008-10-06 Impact: zomg! Note: should work regardless magicquotesgpc setting. Requires: Creating an account and be logged in Vulnerable function: handlemultiedit$skillids on /www/people/skillsutils.php...
CVE-2008-3325
Cross-site request forgery CSRF vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page...
MFORUM 0.1a Arbitrary Add-Admin Vulnerability
No description provided by source. ================================================= MFORUM 0.1a Arbitrary Add-Admin Vulnerability ================================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...
PhpBB Xs 2 profile.php Permanent Xss Vulnerability
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PhpBB Xs 2 profile.php Permanent Xss Vulnerability +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Found By Seph1roth +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ POST METHOD Corrupted page:...
Design/Logic Flaw
The 1 login, 2 admin profile edit, 3 reminder, 4 edit profile, 5 profile view, 6 gallery view, 7 gallery comment, and 8 gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors...
Cross site scripting
WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to 1 the query string, 2 Profiles, 3 the Forum Post icon field, 4 the Edit Profile, and 5 the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting XSS...
CVE-2007-1181
WebAPP before 0.9.9.5 passes 1 Unused Informations and 2 the username through Edit Profile forms, which has unknown impact and attack vectors...
CVE-2007-1177
WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to 1 the query string, 2 Profiles, 3 the Forum Post icon field, 4 the Edit Profile, and 5 the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting XSS...
CVE-2007-1177
WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to 1 the query string, 2 Profiles, 3 the Forum Post icon field, 4 the Edit Profile, and 5 the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting XSS...
Design/Logic Flaw
WebAPP before 0.9.9.5 passes 1 Unused Informations and 2 the username through Edit Profile forms, which has unknown impact and attack vectors...
CVE-2007-1181
WebAPP before 0.9.9.5 passes 1 Unused Informations and 2 the username through Edit Profile forms, which has unknown impact and attack vectors...
Deserialization of untrusted data
profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action...
CVE-2006-2896
profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action...
CVE-2005-4613
Technical details for CVE-2005-4613 are not publicly available in the provided documents; the materials include only a general description of an XSS issue in VUBB alpha rc1. Monitor for updates.
CVE-2004-1863
Multiple cross-site scripting XSS vulnerabilities in XMB aka extreme message board 1.9 beta aka Nexus beta allow remote attackers to inject arbitrary web script or HTML via 1 the u2uheader parameter in editprofile.php, the restrict parameter in 2 member.php, 3 misc.php, and 4 today.php, and 5 an...