633 matches found
CVE-2004-1567
Silent Storm Portal (2.1/2.2) exposes a privilege escalation in profile.php: setting the mail parameter to 1 (the admin value) allows remote attackers to gain administrator privileges. Vulnerable parameter handling is the root cause; the CVE entry documents this as an admin-privilege bypass via a...
WordPress 1.2.x XSS Advisory
Module: wp-admin/profile.php Fields: First Name, Last Name. No check for the characters &. JavaScript injection is possible. Patch: http://adz.void.ru/file.php?op=get&id=6 Description: http://adz.void.ru/index.php?p=5 ------------ Easy Death!...
CVE-2004-2243
Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uri_auth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous...
CVE-2004-1567
profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator...
PunBB profile.php XSS
According to its banner, the version of PunBB installed on the remote host fails to properly sanitize user input to the script 'profile.php'. With a specially crafted URL, an attacker can inject arbitrary HTML and script code into a user's browser, resulting in a loss of integrity, theft of...
phpBB profile.php Cross Site Scripting Vulnerability
Advisory Name : phpBB profile.php Cross Site Scripting Vulnerability Release Date : Mar 21, 2004 Application : phpBB Version : phpBB 2.0.6d or others? Platform : PHP Vendor URL : http://www.phpbb.com/ Author : Cheng Peng Suapplesoupatmsn.com Proof of Concept: This vuln is in profile.php, when you...
Phorum 5.0.3 Beta && Earlier XSS Issues
Vendor : Phorum URL : http://www.phorum.org Version : Phorum 5.0.3 Beta && Earlier Risk : Cross Site Scripting Description: Phorum is a web based message board written in PHP. Phorum is designed with high-availability and visitor ease of use in mind. Features such as mailing list integration, eas...
Phorum 3.x - login.php HTTP_REFERER Cross-Site Scripting
source: https://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php',...
Phorum 5.0.3 Beta - Cross Site Scripting
Phorum Cross Site Scripting Vendor: Phorum Product: Phorum Version: tag, it will allow for pretty much any thing else, and most of you know it is not hard to execute javascript inside of a tag which is allowed. This same vulnerability also exists in...
Phorum 3.x - profile.php?target Cross-Site Scripting
source: https://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php',...
Phorum 3.x - 'login.php' HTTP_REFERER Cross-Site Scripting
source: https://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php', 'register.php', and 'profile.php'. These modules employ two hidde...
CVE-2004-0034
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php...
ttCMS/ttForum multiple bugs
SQL injection via username in Profile.php. PHP injection in News.php, install.php...