1446 matches found
myinobas.de XSS vulnerability
Open Bug Bounty ID: OBB-53070

Description| Value
---|---
Affected Website:| myinobas.de
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Remediation Guide:| OWASP XSS Prevention Cheat Sheet...
CVE-2014-9039
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message...
CVE-2014-9039
CVE-2014-9039 affects WordPress versions prior to 4.0.1 for the 4.x line and older 3.x branches: remote password resets could be triggered if an attacker gains access to the email account that received the reset message. The explicit vulnerable ranges are WordPress before 3.7.5, 3.8.x before 3.8....
CVE-2014-9033
CVE-2014-9033 is a CSRF vulnerability in WordPress affecting wp-login.php that could allow an attacker to hijack a user’s authentication by tricking them into performing a password change. The advisory data lists affected WordPress versions as 3.7.4, 3.8.4, 3.9.2, and 4.0, with remediation indica...
WordPress <= 4.0.0 - Multiple Vulnerabilities #1
There are multiple vulnerabilities in WordPress wp-login.php, such as cross-site scripting, denial of service, hash comparison, SSRF, and CSRF. Because of these vulnerabilities, attackers can reset passwords by leveraging access to an e-mail account that received a password-reset message...
WordPress <= 4.0.0 - CSRF
Because of this vulnerability in wp-login.php, attackers can hijack the authentication of arbitrary users for requests that reset passwords. Solution: Update WordPress...
SQL injection
SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2011-2944
CVE-2011-2944 affects MegaLab The Uploader prior to version 2.0.5. The login.php handling allows a SQL injection via the username parameter, enabling remote attackers to execute arbitrary SQL commands. The NVD record lists a CVSS v2 base score of 7.5 (HIGH) with network access, low attack complex...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php...
CVE-2014-5088
CVE-2014-5088 is a cross-site scripting (XSS) vulnerability in Status2k Server Monitoring Software. The risk entry describes an attacker injecting arbitrary script/HTML through the username parameter sent to login.php, enabling remote exploitation. Public records in the NVD entry enumerate the fl...
WP Affiliate Manager - login.php msg Parameter XSS
The wp-affiliate-platform WordPress plugin was affected by a login.php msg Parameter XSS security vulnerability...
Pie Register - wp-login.php Multiple Parameter XSS
The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin was affected by a wp-login.php Multiple Parameter XSS security vulnerability...
WordPress Members Plugin <= 2.8.9 - Reflected XSS
This plugin is prone to a cross-site scripting vulnerability in wp-login.php. Solution: Update the plugin...
IP Reg <= 0.4 - Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl ----------------------------------------------- IP Reg = 0.4 Blind SQL Injection Exploit Discovered By StAkeR - StAkeRathotmaildotit Discovered On 03/10/2008 ----------------------------------------------- Download...
PunBB Mod PunPortal 0.1 - Local File Inclusion Exploit
No description provided by source. !/usr/bin/perl =about PunBB PunPortal 0.1 Local File Inclusion Exploit -------------------------------------------------- by athos - stakerathotmaildotit download mod http://www.punres.org/download.php?id=1108 download cms http://punbb.org register globals = 1...
UBBCentral UBB.threads 6.2.3/6.5 login.php Cat Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including...
AfterLogic MailBee WebMail Pro 3.x login.php mode Parameter XSS
No description provided by source...
Invision Power Board <= 1.3.1 Login.PHP SQL Injection (working)
No description provided by source. ?php / = 1.3.1 Final /str0ke / $server = SERVER; $port = 80; $file = PATH; $target = 81; / User id and password used to fake-logon are not important. '10' is a random number. / $id = 10; $pass = ; $hex = 0123456789abcdef; for$i = 1; $i = 32; $i++ $idx = 0; $foun...
MemHT Portal 4.0.1 - SQL Injection Code Execution Exploit
No description provided by source. !/usr/bin/perl =about MemHT 4.0.1 Perl exploit AUTHOR discovered & written by Ams ax330d doggy gmail dot com VULN. DESCRIPTION: Due to weak params filtering we are able to make SQL-Injection. So, 1. Look at 'inc/ajax/ajaxrating.php', line 29. It is not enough to...
68 Classifieds 4.1 login.php goto Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36208/info '68 Classifieds' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in th...