65 matches found
myBloggie 2.1.2/2.1.3 edituser.php errormsg Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
powermovielist 0.14b (sql/xss) Multiple Vulnerabilities
No description provided by source. Found : brainpillow Dork : PowerMovieList 0.14 Beta Copyright Visit : brainpillow.cc, forum.antichat.ru, raz0r.name Mail : [email protected]...
AlstraSoft SMS Text Messaging Enterprise 2.0 admin/edituser.php userid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/25022/info SMS Text Messaging Enterprise is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
CVE-2012-0987
Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPluginssanitizerplugins parameter...
CVE-2012-1992
Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template)...
Cuteflow 2.10.3 edituser.php Security Bypass Vulnerability
Exploit for unknown platform in category web applications. Cuteflow 2.10.3 edituser.php Security Bypass Vulnerability. It's possible to edit the users including the admin account,...
Cuteflow 2.10.3 - edituser.php Security Bypass
Cuteflow 2.10.3 - edituser.php Security Bypass. It's possible to edit the users including the admin account, bypassing the authentication through the address: http://localhost/cuteflow/pages/edituser.php?userid=1&language=pt&sortby=strLastName&sortdir=ASC&start=1 The vulnerability is caused due to t...
Cuteflow 2.10.3 edituser.php Security Bypass Vulnerability
No description provided by source. It's possible to edit the users including the admin account, bypassing the authentication through the address: http://localhost/cuteflow/pages/edituser.php?userid=1&language=pt&sortby=strLastName&sortdir=ASC&start=1 The vulnerability is caused due to the applicati...
Cuteflow 2.10.3 - 'edituser.php' Security Bypass
It's possible to edit the users including the admin account, bypassing the authentication through the address: http://localhost/cuteflow/pages/edituser.php?userid=1&language=pt&sortby=strLastName&sortdir=ASC&start=1 The vulnerability is caused due to the application not properly restricting access ...
CVE-2009-1767
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter...
CVE-2009-1767
CVE-2009-1767 involves admin/edituser.php in the 2daybiz Template Monster Clone, where no administrative authentication is required. This permits remote attackers to modify arbitrary accounts via the parameters loginname, password, email, firstname, and lastname. The NVD lists a CVSSv2 base score...
2DayBiz Template Monster Clone - 'edituser.php' Change Pass
Template Monster Clone Change Password 2daybiz Template Monster Clone Add Categoty Add Templates Edit Templates Show Templates --   Login Namee font size="5"...
2daybiz Template Monster Clone (edituser.php) Change Pass Exploit
Exploit for unknown platform in category web applications. 2daybiz Template Monster Clone edituser.php Change Pass Exploit. Template Monster Clone Change Password...
2daybiz Template Monster Clone (edituser.php) Change Pass Exploit
No description provided by source. title Template Monster Clone Change Password /title /head head /head body bgcolor="000000" pfont size="6" color="FF0000"a href="http://www.2daybiz.com/" font color="FF0000"2daybiz/font/a Template Monster Clone /font/p TABLE border=0 width=780 align=center TR...
PowerMovieList 0.14b XSS / SQL Injection
Found : brainpillow Dork : "PowerMovieList 0.14 Beta Copyright" Visit : brainpillow.cc, forum.antichat.ru, raz0r.name Mail : [email protected]...
CVE-2008-1632
Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailingliststep1.php, the (2) userid parameter to pages/edituser.php, the (3) fieldid parameter to pages/editfield.php, and the (4)...
CVE-2007-6545
Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATHINFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATHINFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image...
CVE-2006-4417
SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the useravatar parameter...