633 matches found
ugcnetonline.in XSS vulnerability
Vulnerable URL: http://www.ugcnetonline.in/[email protected]=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 26.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 98681...
modelportfolio4hire.com XSS vulnerability
Vulnerable URL: http://modelportfolio4hire.com/profile.php?name=%27%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E=91

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 25.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php...
CVE-2015-2217
Ultimate PHP Board (UPB, also known as myUPB) is affected by multiple XSS vulnerabilities. The CVE-2015-2217 entry describes remote XSS via the q parameter in search.php or the avatar parameter in profile.php, with impact described as injection of arbitrary web script/HTML. Public sources within ...
SQL injection
SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter...
CVE-2014-10029
FluxBB contains a SQL injection vulnerability in profile.php (req_new_email) exploitable on FluxBB before 1.4.13 and 1.5.x before 1.5.7. The flaw stems from insufficient input sanitization in the change_email flow, enabling remote attackers to execute arbitrary SQL commands. Affected versions: Fl...
CVE-2014-10029
SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter...
CVE-2014-8307
Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu with path" section or (2) printthispage variable in the footercontentbloc...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu with path" section or (2) printthispage variable in the footercontentbloc...
CVE-2014-6029
TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php...
Code injection
TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php...
Code injection
TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php...
CVE-2014-6029
CVE-2014-6029 affects TorrentFlux 2.4. The vulnerability arises in the editCookies action to profile.php, where the cid parameter allows remote authenticated users to delete or modify other users’ cookies. Reported impact includes partial integrity risk of cookies; confidentiality/availability im...
WP-Members 2.8.9 - profile.php Multiple Parameter Stored XSS
The WP-Members Membership Plugin WordPress plugin was affected by a profile.php Multiple Parameter Stored XSS security vulnerability...
WordPress Members Plugin <= 2.8.9 - Stored XSS
This plugin is prone to a cross-site scripting vulnerability in profile.php. Solution: Update the plugin...
CVE-2014-3544
CVE-2014-3544 is a cross-site scripting (XSS) vulnerability in Moodle’s user/profile.php that enables remote authenticated users to inject arbitrary script or HTML via the Skype ID profile field. Affected versions include Moodle up to 2.3.11 and 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x befo...
Whois.Cart 2.2.x Profile.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14044/info Whois.Cart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
AlstraSoft AskMe Pro 2.1 (profile.php?id) SQL Injection Vulnerability
No description provided by source. AlstraSoft AskMe Pro profile.php?id SQL Injection Vulnerability Author : CoBRa21 Author Web Page : null I've sold my website ipbul.org Dork : inurl:forumanswer.php?queid Script Page : http://www.alstrasoft.com/ Sql Injection :...
Extcalendar <= 2 (profile.php) Remote User Pass Change Exploit
No description provided by source. form name=userform action=http://target/register.php method=post input name=step type=hidden value=regform tr td class='tableh2' colspan='2'Account Information/td /tr tr td class='tableb' width='160'Username/td td class='tableb' /td /tr tr td class='tableb'...