40 matches found
PT-2023-14930 · Ericsson · Ericsson Network Manager
Name of the Vulnerable Software and Affected Versions: Ericsson Network Manager ENM versions prior to 22.2 Description: The issue concerns a vulnerability in the REST endpoint "editprofile" where Open Redirect HTTP Header Injection can occur, potentially leading to the redirection of submitted...
CVE-2022-46407
Ericsson Network Manager ENM, versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to...
CVE-2022-46407
Ericsson Network Manager ENM, versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to...
CVE-2013-3932
SQL injection vulnerability in the Jomres comjomres component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php...
Sql injection
SQL injection vulnerability in the Jomres comjomres component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php...
Email address is not validated when updating user profile
On the view profile page /secure/ViewProfile.jspa it's possible to update your user profile /secure/EditProfile!default.jspa?username=admin to an invalid email address. See attached screenshots. !Screen Shot 2017-09-28 at 2.49.48 PM.png|thumbnail! !Screen Shot 2017-09-28 at 2.49.58...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the 1 lrealname field in the editProfile form to index.php/home/profile; the 2 datatitle or 3 datadescription field in the...
CVE-2015-1040
Multiple cross-site scripting XSS vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the 1 lrealname field in the editProfile form to index.php/home/profile; the 2 datatitle or 3 datadescription field in the...
XMB Forum 1.8 editprofile.php user Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. ...
ColdOfficeView 2.04 Multiple Blind SQL Injection Vulnerabilities
No description provided by source. ColdGen - coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities Vendor: http://www.coldgen.com/ Found by: mrme net-ninja.net PoC's 1. http://target/path/index.cfm?fuseaction=ViewEventDetails&EventID=Blind SQLi...
ColdOfficeView 2.04 Blind SQL Injection
ColdGen - coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities Vendor: http://www.coldgen.com/ Found by: mrme net-ninja.net PoC's 1. http://target/path/index.cfm?fuseaction=ViewEventDetails&EventID=Blind SQLi http://target/path/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=1 tr...
ColdOfficeView 2.04 Multiple Blind SQL Injection Vulnerabilities
Exploit for php platform in category web applications ================================================================ ColdOfficeView 2.04 Multiple Blind SQL Injection Vulnerabilities ================================================================ ColdGen - coldofficeview v2.04 Remote Blind SQL...
CVE-2009-4567
Multiple cross-site scripting XSS vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the 1 skype, 2 yahoo, 3 aol, 4 msn, or 5 jabber parameter in a profile2 action. NOTE: some of these details are obtained from third...
Sql injection
SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731...
CVE-2009-2585
SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731...
CVE-2007-5033
Cross-site scripting XSS vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profileinfo editprofile action...
CVE-2007-5033
The provided data confirms CVE-2007-5033 is an XSS vulnerability in profile.php of phpBB XS 2. The flaw allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profile_info editprofile action. Affected component: profile.php in phpBB XS 2; root cause: insuffi...
phpbb-permxss.txt
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PhpBB Xs 2 profile.php Permanent Xss Vulnerability +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Found By Seph1roth +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ POST METHOD Corrupted page:...
PHPReactor EditProfile.PHP远程文件包含漏洞
PHPReactor是一款基于PHP的WEB应用程序。 PHPReactor不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'editprofile.php'脚本对用户提交的"pathtohomedir"参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 Angus D Madden PHPReactor 1.27pl1 http://freshmeat.net/projects/phpreactor/?branchid=7919&releaseid=87168...
PhpReactor 1.2.7pl1 - 'pathtohomedir' Remote File Inclusion
www.system-defacers.org Found By CeNGiZ-HaN [email protected] phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability Vulnerable Code in editprofile.php //INCLUDE DB FUNCTIONS if!defined"REACTORINCDB" include$pathtohomedir."/inc/db.inc.php"; //INCLUDE LANGUAGE FUNCTIONS...