1445 matches found
MODx Revolution CMS Cross Site Scripting
getObject('modUser',array( 'username' => $_POST['username'], )); ... else if (!empty($_POST['forgotlogin'])) $c = $modx->newQuery('modUser'); $c->select(array('modUser.*','Profile.email','Profile.fullname')); $c->innerJoin('modUserProfile','Profile'); $c->where(array( '...
CVE-2010-4402
The CVE refers to WordPress Register Plus Plugin before or at version 3.5.1, where wp-login.php exposes multiple XSS flaws. The root cause is unsanitized/reflective input in the register action, enabling remote attackers to inject arbitrary script or HTML via the 9 parameters: firstname, lastname...
WordPress Register Plus Plugin <= 3.5.1 - Multiple XSS
Because of these vulnerabilities in wp-login.php, the attackers can inject arbitrary web script or HTML via the "website", "aim", "yahoo", "jabber", "firstname", "lastname", "about", "pass1", and "pass2" parameters in a register action. Solution Update the plugin...
Pre Hospital Management System SQL Injection
In The Name Of GOD + Exploit Title: PRE HOSPITAL MANAGEMENT SYSTEM SQL Bypass Vulnerability + Date: 2010-11-13 + Author : Cru3l.b0y + Software Link: http://www.preproject.com/hms.asp + Price : 750.00$ + Contact : [email protected] + Website : WwW.PenTesters.IR + Greeting: Behzad, Ahmad,...
CVE-2010-3481
Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are...
CVE-2010-3481
CVE-2010-3481 affects ApPHP PHP MicroCMS 1.0.1. It discloses multiple SQL injection vulnerabilities in login.php when magic_quotes_gpc is disabled, allowing remote attackers to potentially execute arbitrary SQL via (1) user_name and (2) password variables, possibly tied to include/classes/Login.p...
CVE-2010-3481
Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are...
CVE-2010-3314
CVE-2010-3314 is a cross-site scripting (XSS) vulnerability in EGroupware: login.php vulnerable in EGroupware 1.4.001+.002 and 1.6.001+.002 (and EPL 9.1 pre-9.1.20100309, 9.2 pre-9.2.20100309). The lang parameter can inject arbitrary script/HTML. Affected versions include 1.6.x before 1.6.003 and...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4)...
Oracle Secure Backup Administration uname Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of user input to the uname variable of the login.php script running on th...
CVE-2009-4933
Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information...
CVE-2009-4933
Multiple SQL injection vulnerabilities in login.php in EZ Webitor are documented under CVE-2009-4933. The issue is triggered by unvalidated input in two parameters, txtUserId (Username) and txtPassword (Password), allowing remote attackers to execute arbitrary SQL commands. The description consis...
Task Freak Cross Site Scripting and SQL Injection Vulnerabilities
This host is running Task Freak and is prone to Cross Site Scripting and SQL Injection vulnerabilities. OpenVAS Vulnerability Test $Id: gbtaskfreakxssnsqlinjvuln.nasl 7573 2017-10-26 09:18:50Z cfischer $ Task Freak Cross Site Scripting and SQL Injection Vulnerabilities Authors: Madhuri D Copyrigh...
ARSC Really Simple Chat 3.3 Cross Site Scripting / Remote File Inclusion
= ARSC Really Simple Chat V3.3 Remote File Inclusion & Cross Site Scripting Vulnerability = Author : Zer0 Thunder = Home : http://colombohackers.com = Download : http://sourceforge.net/projects/arsc/ = Date : 06/25/2010 Remote File Inclusion ---...
SQL injection
Multiple SQL injection vulnerabilities in login.php in HazelPress Lite 0.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) password fields...
SQL injection
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter...
CVE-2010-2135
The vulnerability CVE-2010-2135 affects HazelPress Lite (
CVE-2010-2134
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter...
CVE-2010-2134
CVE-2010-2134 involves multiple SQL injection vulnerabilities in login.php of Project Man 1.0 and older. The underlying issue is improper handling of the (username, password) parameters, allowing remote attackers to craft SQL that may be executed by the database. Affected product/version: Project...
eclime v1.1 (File Disclosure) Vulnerabilities
Exploit for php platform in category web applications: eclime v1.1 File Disclosure Vulnerabilities ...