CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

NVD•added 2025/10/16 3:15 p.m.•2 views

CVE-2025-61540

SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php...

6.5CVSS0.00026EPSS

Exploits0References2

OSV•added 2025/10/16 3:15 p.m.•1 views

CVE-2025-61540

SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php...

6.5CVSS8.3AI score0.00026EPSS

Exploits0References2

CVE•added 2025/10/16 12:0 a.m.•5 views

CVE-2025-61539

CVE-2025-61539 describes a Cross-Site Scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 exploited via the u_name parameter in lostpassword.php. Affected software: Ultimate PHP Board 2.2.7. The vulnerability is triggered through input in the lostpassword.php page’s u_name parameter, enabli...

6.1CVSS5.7AI score0.00025EPSS

Exploits0References2Affected Software1

CNNVD•added 2025/10/16 12:0 a.m.•1 views

Ultimate PHP Board 安全漏洞

Ultimate PHP Board is a message board software from PHP Outburst open source. A security vulnerability exists in Ultimate PHP Board version 2.2.7, which stems from improper handling of the uname parameter in the lostpassword.php file, which could lead to a cross-site scripting attack...

6.1CVSS6.1AI score0.00025EPSS

Exploits0References2

Cvelist•added 2025/10/16 12:0 a.m.•6 views

CVE-2025-61540

SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php...

0.00026EPSS

Exploits0References2

CVE•added 2025/10/16 12:0 a.m.•4 views

CVE-2025-61540

CVE-2025-61540 : The Red Hat, NVD, OSV, EUVD, NVD (and other) records all describe a SQL injection in Ultimate PHP Board version 2.2.7, exploitable via the username field in lostpassword.php. The underlying issue is an unvalidated/unsafely assembled username input leading to SQL injection, with C...

6.5CVSS7.8AI score0.00026EPSS

Exploits0References2Affected Software1

CNNVD•added 2025/10/16 12:0 a.m.•1 views

Ultimate PHP Board 安全漏洞

Ultimate PHP Board is a message board software from PHP Outburst open source. A security vulnerability exists in Ultimate PHP Board version 2.2.7, which stems from an unvalidated username field in lostpassword.php and could lead to a SQL injection attack...

6.5CVSS7.8AI score0.00026EPSS

Exploits0References2

seebug.org•added 2014/07/01 12:0 a.m.•10 views

Softbiz Classifieds Script lostpassword.php msg Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/32569/info Softbiz Classifieds Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary scri...

7.1AI score

Exploits0

Cvelist•added 2012/09/05 11:0 p.m.•15 views

CVE-2012-4393

Multiple cross-site request forgery CSRF vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use 1 addBookmark.php, 2 delBookmark.php, or 3 editBookmark.php in bookmarks/ajax/; 4 calendar/delete.php, 5 calendar/edit.php...

7.1AI score0.00159EPSS

Exploits1References5

NVD•added 2009/07/24 4:30 p.m.•9 views

CVE-2009-2589

Multiple cross-site scripting XSS vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to 1 feedback.php, 2 index.php, and 3 lostpassword.php...

4.3CVSS5.9AI score0.00516EPSS

Exploits1References7

Prion•added 2009/02/27 11:30 a.m.•10 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the 1 radio parameter to showcategory.php, 2 msg parameter to advertisers/signinform.php, 3 radio parameter to gallery.php, 4 msg parameter to...

4.3CVSS5.9AI score0.00388EPSS

Exploits2References4

NVD•added 2006/10/05 4:4 a.m.•12 views

CVE-2006-5148

Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including 1 search.php, 2 message.php, 3 member.php, 4 mail.php, 5 lostpassword.php, 6...

7.5CVSS7.7AI score0.10761EPSS

Exploits1References4

Cvelist•added 2006/10/02 11:0 p.m.•17 views

CVE-2006-5148

7.7AI score0.10761EPSS

Exploits1References4

securityvulns•added 2006/09/19 12:0 a.m.•41 views

NixieAffiliate all version bypass admin and xss

NixieAffiliate all version vendor : idevspot.com By : s3rv3rhack3r www: hackerz.ir & h4ckerz.com Bypass for delete any aff ID : www.domain.com/NixieAffiliate/delete.php?id=1 Xss : www.domain.com/NixieAffiliate/forms/lostpassword.php?error=xss...

4.3AI score

Exploits0

exploitpack•added 2006/09/18 12:0 a.m.•9 views

NixieAffiliate 1.9 - lostpassword.php Cross-Site Scripting

NixieAffiliate 1.9 - lostpassword.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20084/info NixieAffiliate is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to have arbitrary script co...

0.2AI score

Exploits0

NVD•added 2006/07/18 3:46 p.m.•8 views

CVE-2006-3607

Multiple cross-site scripting XSS vulnerabilities in Softbiz Banner Exchange Script aka Banner Exchange Network Script 1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the city parameter in a insertmember.php, and 2 a PHPSESSID cookie in b lostpassword.php, c...

4.3CVSS5.8AI score0.00436EPSS

Exploits1References5

NVD•added 2005/10/30 2:34 p.m.•13 views

CVE-2005-3365

Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via 1 the name parameter in register.php, 2 the email parameter in lostpassword.php, 3 the year parameter in calendar.php, and the 4...

7.5CVSS8.1AI score0.02273EPSS

Exploits1References12

Cvelist•added 2005/10/29 7:0 p.m.•16 views

CVE-2005-3365

8.1AI score0.02273EPSS

Exploits1References12

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by