14 matches found
EUVD-2023-37861
Malicious code in bioql PyPI...
CVE-2023-33706
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...
CVE-2016-2881
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters...
EMC RSA Data Loss Prevention Security Restriction Bypass Vulnerability
EMC RSA Data Loss Prevention monitors network traffic and protects against data loss. A security restriction bypass vulnerability exists in EMC RSA Data Loss Prevention versions prior to 9.6 SP2 P5. A remote attacker could exploit this vulnerability to bypass target object access restrictions via...
EUVD-2009-4060
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php...
Design/Logic Flaw
myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified addname and addradminsuper parameters...
Authentication flaw
admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters...
CVE-2007-1898
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, SETTINGSallowedemailhosts, and subject parameters...
CVE-2006-5597
join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass parameters...
CVE-2006-4210
numail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mailtext2, userrow5, numail1, and shopmail parameters. NOTE: some of these details are obtained from third party information...
CVE-2006-3205
Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to gain access via modified userenv, passenv, powerenv, and idenv parameters in a cookie, which comprise a persistent logon that does not vary across sessions...
CVE-2005-1817
Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters...
CVE-2002-0787
Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters...