31 matches found
CVE-2002-1880
LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by modifying the pmid parameter to pm.php...
CVE-2025-0667 BOINC Server Stored XSS Injection in pm.php
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BOINC Server allows Stored XSS. This issue affects BOINC Server: through 1.4.7...
DedeCMS Cross-Site Scripting Vulnerability (CNVD-2018-21795)
DedeCMS is a PHP-based web content management system (CMS). A cross-site scripting vulnerability exists in the /member/pm.php page in DedeCMS version 5.7 SP2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of the 'folder' parameter...
Cross site scripting
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter...
CVE-2018-18579
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter...
CVE-2018-18579
DedeCMS 5.7 SP2 is affected by a reflected XSS vulnerability in the /member/pm.php endpoint, exploitable via the folder parameter. The vulnerable component is DedeCMS’s web interface; input in the folder parameter can be reflected back to the user, enabling arbitrary script/HTML execution in a us...
e107 < 2.1.4 - 'keyword' Blind SQL Injection
#!/usr/bin/perl e107 = 2.1.4 "keyword" Blind SQL Injection Exploit. Discovered by staker - stakerathotmaildotit. Discovered on 09/03/2017. Site Vendor: http://www.e107.org BUG: Blind SQL Injection...
e107 2.1.4 - keyword Blind SQL Injection
#!/usr/bin/perl e107 = 2.1.4 "keyword" Blind SQL Injection Exploit. Discovered by staker - stakerathotmaildotit. Discovered on 09/03/2017. Site Vendor: http://www.e107.org BUG: Blind SQ...
qibocms 7.0 pm.php stored XSS
No description provided by source...
DeluxeBB <= 1.3 Private Info Disclosure
No description provided by source. DeluxeBB new; $bro-agent"Mozilla/5.0 Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14 Gecko/20080404 Firefox/2.0.0.14"; $bro-defaultheader"Cookie" = "membercookie=$membercookie;...
DeluxeBB <= 1.3 Private Info Disclosure
Exploit for php platform in category web applications. DeluxeBB new; $bro-agent"Mozilla/5.0 Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14 Gecko/20080404 Firefox/2.0.0.14"; $bro-defaultheader"Cookie" = "membercookie=$membercookie; memberpw=$memberpw;...
CVE-2008-6146
SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete parameter in a Delete action, a different vector than CVE-2005-2989...
SQL injection
SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete parameter in a Delete action, a different vector than CVE-2005-2989...
CVE-2008-6146
Technical details for CVE-2008-6146 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2007-3592
PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields...
CVE-2007-3592
Vulnerability CVE-2007-3592 affects Elite Bulletin Board (earlier than 1.0.10). The PM.php module allows remote authenticated users to delete arbitrary private messages and conduct other attacks by modifying id fields, indicating improper input validation of message identifiers. The issue enables manipul...
MyEvent1.6 (template.php) Remote File Inclusion Vulnerability
script: PBSite - PHP Bulletin Site | CMS ====> RFI url: http://sourceforge.net/project/showfiles.php?groupid=88114 author: titanichacker contact: hack-teach.com & mohandko.com...
PBSite - PHP Bulletin Site | CMS ====> RFI
script: PBSite - PHP Bulletin Site | CMS ====> RFI url: http://sourceforge.net/project/showfiles.php?groupid=88114 author: titanichacker contact: hack-teach.com & mohandko.com...
CVE-2007-2339
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group...