63 matches found
excelmotorco.co.uk XSS vulnerability
Vulnerable URL: http://www.excelmotorco.co.uk/email.php?subject=%22%3E%3Csvg/onload=alert/XSSPOSED/%3E

Details:

Description | Value
---|---
Patched: | Yes, at 28.07.2017
Latest check for patch: | 28.07.2017 13:50 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | ...

xcitment.com XSS vulnerability
Vulnerable URL: http://www.xcitment.com/email.php?l=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E

Details:

Description | Value
---|---
Patched: | Yes, at 26.07.2017
Latest check for patch: | 26.07.2017 11:46 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown /...

trex.id.iit.edu XSS vulnerability
Vulnerable URL: https://trex.id.iit.edu/intranet/seeid/utils/email.php?email=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 26.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown /...

WordPress Plugin Store Locator Plus 4.2.23 Email Injection
If we have a valid "key", we can send email to anyone. File: store-locator-le\include\send-email.php if !wpverifynonce$REQUEST'valid','em' die; $messageheaders = "From: "$GET'emailname'"...
My Little Forum 1.3 Email.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9286/info my little forum is prone to a cross-site scripting vulnerability in the 'email.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via the URI...
AnnonceScriptHP 2.0 email.php id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these...
CVE-2012-4393
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php...
CVE-2009-3444
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action...
e107 0.7.16 Referer header xss
Exploit for unknown platform in category web applications ============================== e107 0.7.16 Referer header xss ============================== XSS: At page for sending news to email http://site/email.php?news.1 it's possible to conduct XSS attack via Referer header. Particularly it can be...
Property Watch 2.0 Cross Site Scripting
Property Watch v2.0 Remote XSS Vulnerabilities Discovered By : Moudi Contact : Download : http://www.propertywatchscript.com/ Greetings :...
SQL injection
Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909...
phpkb-1.5-email.php.txt
PHPKB Knowledge Base Software v1.5 Professional email.php - SQL Injection Vulnerability http://www.knowledgebase-script.com ---------------------------------------------------------- Bug founded by d3v1l Date: 20.09.2007 [email protected] ----------------------------------------------------------...
PHPKB 1.5 Professional Multiple Remote SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications ==================================================================== PHPKB 1.5 Professional Multiple Remote SQL Injection Vulnerabilities ==================================================================== PHPKB Knowledge Base Software v1...
CVE-2003-1410
The CVE-2003-1410 entry refers to a PHP remote file inclusion in Cedric Email Reader (versions 0.2 and 0.3) where the cer_skin parameter in email.php (aka email.php3) can allow an attacker to execute arbitrary PHP code. Connected documents confirm the affected software and the vulnerability class...
CVE-2007-0354
CVE-2007-0354 affects MGB OpenSource Guestbook, versions
PT-2007-1825 · Mgb · Mgb Opensource Guestbook
Name of the Vulnerable Software and Affected Versions: MGB OpenSource Guestbook versions 0.5.4.5 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the id parameter in the email.php file. Recommendations: For MGB OpenSource Guestbook...
MGB 0.5.4.5 - 'email.php?id' SQL Injection
!/usr/bin/perl MGB Google dork: intext:mgb.0.5.. & intext:mopzz | intext:mgb.0.5.4.. use IO::Socket::INET; usage unless @ARGV == 2; $host = $ARGV0; $dir = $ARGV1; $dir = "/$dir" if $dir ! /^//; $dir = "$dir/" if $dir ! //$/; $host = s/http:////g; $path =...
CVE-2006-6478
Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/adminmembre/fichemembre.php, and the (4) idannonce parameter in ...
e107 email.php Arbitrary Mail Relay
The version of e107 installed on the remote host contains a script, 'email.php' that allows an unauthenticated user to send email messages to arbitrary users and to control, to a large degree, the content of those messages. This issue can be exploited to send spam or other types of abuse through...
CVE-2005-2818
CVE-2005-2818 concerns a cross-site scripting (XSS) vulnerability in DownFile 1.3. The issue arises from unvalidated input in the id parameter passed to four PHP scripts (email.php, index.php, del.php, add_form.php), enabling remote attackers to inject arbitrary JavaScript/HTML. The available doc...