Lucene search
K

40 matches found

Positive Technologies
Positive Technologies
added 2023/06/29 12:0 a.m.5 views

PT-2023-14930 · Ericsson · Ericsson Network Manager

Name of the Vulnerable Software and Affected Versions: Ericsson Network Manager ENM versions prior to 22.2 Description: The issue concerns a vulnerability in the REST endpoint "editprofile" where Open Redirect HTTP Header Injection can occur, potentially leading to the redirection of submitted...

4.8CVSS5.3AI score0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/29 12:0 a.m.33 views

CVE-2022-46407

Ericsson Network Manager ENM, versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to...

5.7AI score0.00347EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/29 12:0 a.m.10 views

CVE-2022-46407

Ericsson Network Manager ENM, versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to...

7.4AI score0.00347EPSS
Exploits0References1
NVD
NVD
added 2020/01/02 8:15 p.m.15 views

CVE-2013-3932

SQL injection vulnerability in the Jomres comjomres component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php...

8.8CVSS8.8AI score0.01758EPSS
Exploits0References3
Prion
Prion
added 2020/01/02 8:15 p.m.15 views

Sql injection

SQL injection vulnerability in the Jomres comjomres component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php...

6.5CVSS8.6AI score0.01758EPSS
Exploits0References3Affected Software1
Atlassian
Atlassian
added 2017/09/28 9:47 p.m.26 views

Email address is not validated when updating user profile

On the view profile page /secure/ViewProfile.jspa it's possible to update your user profile /secure/EditProfile!default.jspa?username=admin to an invalid email address. See attached screenshots. !Screen Shot 2017-09-28 at 2.49.48 PM.png|thumbnail! !Screen Shot 2017-09-28 at 2.49.58...

1.5AI score
Exploits0Affected Software1
Prion
Prion
added 2015/01/15 3:59 p.m.9 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the 1 lrealname field in the editProfile form to index.php/home/profile; the 2 datatitle or 3 datadescription field in the...

3.5CVSS5.7AI score0.01618EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2015/01/15 3:0 p.m.23 views

CVE-2015-1040

Multiple cross-site scripting XSS vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the 1 lrealname field in the editProfile form to index.php/home/profile; the 2 datatitle or 3 datadescription field in the...

5.4AI score0.01618EPSS
Exploits1References6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

XMB Forum 1.8 editprofile.php user Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

ColdOfficeView 2.04 Multiple Blind SQL Injection Vulnerabilities

No description provided by source. ColdGen - coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities Vendor: http://www.coldgen.com/ Found by: mrme net-ninja.net PoC's 1. http://target/path/index.cfm?fuseaction=ViewEventDetails&EventID=Blind SQLi...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2010/09/08 12:0 a.m.29 views

ColdOfficeView 2.04 Blind SQL Injection

ColdGen - coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities Vendor: http://www.coldgen.com/ Found by: mrme net-ninja.net PoC's 1. http://target/path/index.cfm?fuseaction=ViewEventDetails&EventID=Blind SQLi http://target/path/index.cfm?fuseaction=ViewEventDetails&EventID=1 and 1=1 tr...

1.1AI score
Exploits0
0day.today
0day.today
added 2010/09/07 12:0 a.m.15 views

ColdOfficeView 2.04 Multiple Blind SQL Injection Vulnerabilities

Exploit for php platform in category web applications ================================================================ ColdOfficeView 2.04 Multiple Blind SQL Injection Vulnerabilities ================================================================ ColdGen - coldofficeview v2.04 Remote Blind SQL...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2010/01/05 6:31 p.m.22 views

CVE-2009-4567

Multiple cross-site scripting XSS vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the 1 skype, 2 yahoo, 3 aol, 4 msn, or 5 jabber parameter in a profile2 action. NOTE: some of these details are obtained from third...

5.4AI score0.01252EPSS
Exploits1References4
Prion
Prion
added 2009/07/24 4:30 p.m.12 views

Sql injection

SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731...

7.5CVSS8.7AI score0.01199EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2009/07/24 4:30 p.m.14 views

CVE-2009-2585

SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731...

7.5CVSS8.2AI score0.0101EPSS
Exploits0References4
NVD
NVD
added 2007/09/21 7:17 p.m.12 views

CVE-2007-5033

Cross-site scripting XSS vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profileinfo editprofile action...

4.3CVSS5.7AI score0.01065EPSS
Exploits0References5
CVE
CVE
added 2007/09/21 6:0 p.m.42 views

CVE-2007-5033

The provided data confirms CVE-2007-5033 is an XSS vulnerability in profile.php of phpBB XS 2. The flaw allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profile_info editprofile action. Affected component: profile.php in phpBB XS 2; root cause: insuffi...

4.3CVSS5.7AI score0.01065EPSS
Exploits0References5Affected Software1
Packet Storm
Packet Storm
added 2007/09/21 12:0 a.m.27 views

phpbb-permxss.txt

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PhpBB Xs 2 profile.php Permanent Xss Vulnerability +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Found By Seph1roth +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ POST METHOD Corrupted page:...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/12/06 12:0 a.m.17 views

PHPReactor EditProfile.PHP远程文件包含漏洞

PHPReactor是一款基于PHP的WEB应用程序。 PHPReactor不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'editprofile.php'脚本对用户提交的"pathtohomedir"参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 Angus D Madden PHPReactor 1.27pl1 http://freshmeat.net/projects/phpreactor/?branchid=7919&releaseid=87168...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/07/31 12:0 a.m.42 views

PhpReactor 1.2.7pl1 - 'pathtohomedir' Remote File Inclusion

www.system-defacers.org Found By CeNGiZ-HaN [email protected] phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability Vulnerable Code in editprofile.php //INCLUDE DB FUNCTIONS if!defined"REACTORINCDB" include$pathtohomedir."/inc/db.inc.php"; //INCLUDE LANGUAGE FUNCTIONS...

7.4AI score
Exploits0
Rows per page
Query Builder