16 matches found
CVE-2026-1263
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...
EUVD-2026-21248
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...
CVE-2026-1263
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...
CVE-2026-33413
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...
CVE-2026-33413
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...
hispanicchamberflorida.org XSS vulnerability
Vulnerable URL: http://www.hispanicchamberflorida.org/memberlist.php?category=13'"73 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 11494151 VIP website status:| No Coordinated Disclosure Timeline: Description|...
Sql injection
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteriastartswith parameter to ajax/render/memberlistitems...
MyBB Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/13827/info MyBB is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to...
ShortCMS 1.11F(B) (con) - SQL Injection
ShortCMS 1.11FB con - SQL Injection ShortCMS v. 1.11FB con SQL Injection Vulnerability Author : Gamoscu Homepage : http://www.1923turk.com Blog : http://gamoscu.wordpress.com/ Script : ShortCMS Download : http://www.shortcms.de/index.php?dwnldct Vulnerable File printview.php?func=con&pvid= SQL Xp...
Deserialization of untrusted data
misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action...
CVE-2009-4467
misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action...
Sql injection
SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter...
CVE-2008-2980
Multiple cross-site scripting XSS vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the 1 errormeldung parameter to admin/features/register/register.php, the 2 featurelanguageueberschrift parameter to...
Unfixed XSS vulnerability at tontonsflingueurs.actifforum.com
Security researcher Airrox, has submitted on 03/12/2007 a cross-site-scripting XSS vulnerability affecting tontonsflingueurs.actifforum.com, which at the time of submission ranked 3380 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/12/2007...
CVE-2007-0400
Cross-site scripting XSS vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter...
Sql injection
SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the initrow parameter...