CVE-2007-5033

Cross-site scripting XSS vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profileinfo editprofile action...

phpbb-permxss.txt

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PhpBB Xs 2 profile.php Permanent Xss Vulnerability +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Found By Seph1roth +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ POST METHOD Corrupted page:...

PhpBB Xs 2 profile.php Permanent Xss Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PhpBB Xs 2 profile.php Permanent Xss Vulnerability +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Found By Seph1roth +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ POST METHOD Corrupted page:...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFLFILEROOT parameter to 1 admin.php, 2 custompages.php, 3 draft.php, 4 faq.php, 5 leagues.php, 6 livedraft.php, 7 login.php, 8 myteam.php, 9 profile.php, 10...

CVE-2007-3941

CVE-2007-3941 reports a cross-site scripting (XSS) vulnerability in Jasmine CMS 1.0_1, specifically in profile.php via the profile_email parameter. The issue allows remote authenticated users to inject arbitrary web script or HTML. The description does not specify affected versions beyond 1.0_1, ...

Authorization

Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks...

CVE-2007-3591

Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks...

CVE-2007-3591

The CVE-2007-3591 issue affects Elite Bulletin Board, prior to version 1.0.10, in the Profile.php handling. The root cause is described as missing authorization checks on a remote form, enabling remote modification of profile information via unspecified vectors. Impact is limited to unauthorized ...

CVE-2007-3591

Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks...

PBSite - PHP Bulletin Site | CMS ====> RFI

.-" "-. / | TiTaNiC | |, .-. .-. ,| | o/ o | |/ / | @ ^^ |IIIIII|/ @8@8|-IIIIII/-| / HaCkEr / @ script:PBSite - PHP Bulletin Site | CMS ==== RFI url:http://sourceforge.net/project/showfiles.php?groupid=88114 authot:titanichacker [email protected] contact: hack-teach.com & mohandko.com...

MyEvent1.6 (template.php) Remote File Inclusion Vulnerability

.-" "-. / | TiTaNiC | |, .-. .-. ,| | o/ o | |/ / | @ ^^ |IIIIII|/ @8@8|-IIIIII/-| / HaCkEr / @ script:PBSite - PHP Bulletin Site | CMS ==== RFI url:http://sourceforge.net/project/showfiles.php?groupid=88114 authot:titanichacker [email protected] contact: hack-teach.com & mohandko.com...

CVE-2007-1606

Multiple cross-site scripting XSS vulnerabilities in w-Agora Web-Agora allow remote attackers to inject arbitrary web script or HTML via 1 the showuser parameter to profile.php, the 2 searchforum or 3 searchuser parameter to search.php, or 4 the userid parameter to changepassword.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in w-Agora Web-Agora allow remote attackers to inject arbitrary web script or HTML via 1 the showuser parameter to profile.php, the 2 searchforum or 3 searchuser parameter to search.php, or 4 the userid parameter to changepassword.php...

CVE-2007-1606

Multiple cross-site scripting XSS vulnerabilities in w-Agora Web-Agora allow remote attackers to inject arbitrary web script or HTML via 1 the showuser parameter to profile.php, the 2 searchforum or 3 searchuser parameter to search.php, or 4 the userid parameter to changepassword.php...

CVE-2006-7063

Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter...

CVE-2007-0681

profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php...

PT-2007-2135 · Extcalendar · Extcalendar

Name of the Vulnerable Software and Affected Versions: ExtCalendar versions 2 and earlier Description: The issue allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to...

Extcalendar <= 2 (profile.php) Remote User Pass Change Exploit

No description provided by source. form name="userform" action="http://target/register.php" method="post" input name="step" type="hidden" value="regform" tr td class='tableh2' colspan='2'Account Information/td /tr tr td class='tableb' width='160'Username/td td class='tableb' /td /tr tr td...

Extcalendar 2 - profile.php Remote User Pass Change

Extcalendar 2 - profile.php Remote User Pass Change Account Information Username Password Confirm Password E-mail Address Other Details First Name Last Name Home page td class='t...

Extcalendar 2 - 'profile.php' Remote User Pass Change

Account Information Username Password Confirm Password E-mail Address Other Details First Name Last Name Home page td class='tabl...