34 matches found
CVE-2017-9090
The CVE-2017-9090 issue affects Allen Disk 1.6’s reg.php, where there is no proper check of isset($_SESSION['captcha']['code']), enabling bypass of CAPTCHA via an empty $_POST['captcha']. The vulnerability is documented across multiple feeds (NVD entry with CVSSv2/3 scores indicating low–high imp...
SQL Injection Vulnerability in Shield Spirit Public Number Promotion System reg.php Page
Shield Spirit Public Promotion System is a product that is mainly applied to public promotion alliance. A SQL injection vulnerability exists in the username parameter of the Shield Spirit public number promotion system \php\reg.php page. An attacker can exploit the vulnerability to obtain sensiti...
CSDJCMS V4 reg.php username Parameter SQL Injection Vulnerability
Vulnerable file: app/controllers/user/reg.php public function check() $username = $this->security->xssclean($this->input->getpost('username', TRUE)); //username $sqlu="SELECT csid FROM ".CSSqlPrefix."user where csname='".$username."'"; $row=$this->CsdjDB->getall($sqlu); if(!$row) echo 'no'; else echo 'ok';...
beachhouse.com XSS vulnerability
Vulnerable URL: http://www.beachhouse.com/portal/reg.php?email=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Patched: Yes, at 25.01.2016 | Latest check for patch: 25.01.2016 15:36 GMT | Vulnerability type: XSS | Vulnerability status: Publicly disclosed | Alexa Rank...
Job Site 1.0 - Multiple Vulnerabilities
No description provided by source. Jobsite logo - Multiple Vulnerabilities | Author: AtT4CKxT3rR0r1ST | Contact: [email protected], [email protected] | Home: http://www.iphobos.com/blog/ | Script:...
Jobsite Logo Cross Site Scripting / SQL Injection
Jobsite logo - Multiple Vulnerabilities | Author: AtT4CKxT3rR0r1ST | Contact: [email protected], [email protected] | Home: http://www.iphobos.com/blog/ | Script: http://sourceforge.net/projects/jobfinder/...
Anymacro /reg.php SQL Injection Vulnerability
No description provided by source...
TKO Karate Cross Site Scripting
reg.php Cross Site Scripting Vulnerability | Author: Bl4ck.Viper | Home: Http://t-bh.ir | Archive: Http://exploit-db.ir | Vendor: http://www.kellermartialarts.com/ | Email...
Unfixed XSS vulnerability at www.ciao-surveys.se
Security researcher Uber0n submitted on 11/05/2008 a cross-site scripting (XSS) vulnerability affecting www.ciao-surveys.se, which at the time of submission ranked 1397146 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/05/2008. It is...
Unfixed XSS vulnerability at www.bedava-sitem.com
Security researcher CWOmer submitted on 09/11/2008 a cross-site scripting (XSS) vulnerability affecting www.bedava-sitem.com, which at the time of submission ranked 23615 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/11/2008. It is...
Unfixed XSS vulnerability at ccl.whiteacid.org
Security researcher themastersinner submitted on 23/07/2008 a cross-site scripting (XSS) vulnerability affecting ccl.whiteacid.org, which at the time of submission ranked 2705542 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 17/06/2009. It...
CVE-2006-1327
SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter...
CVE-2006-1327
CVE-2006-1327 describes an SQL injection vulnerability in SoftBB 0.1, exploitable through reg.php via the mail parameter, allowing remote execution of arbitrary SQL commands. Affected component: SoftBB 0.1 (reg.php). Root cause: improper neutralization of user input in the mail parameter leading ...