20 matches found
CVE-2018-25302
CVE-2018-25302 affects Allok AVI to DVD SVCD VCD Converter 4.0.1217. The vulnerability is an SEH-based buffer overflow in the License Name field that enables local code execution. An attacker can craft a payload consisting of junk data, NSEH bypass, an SEH handler address, and shellcode, paste it...
CVE-2026-7401
CVE-2026-7401 affects SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The vulnerability targets the Registration component, specifically /index.php?action=register, where manipulation of the arguments student_id, full_name, section, or username enables cross-site scr...
EUVD-2010-4127
Malware in sbrugna...
CVE-2025-3918 Job Listings 0.1 - 0.1.1 - Unauthenticated Privilege Escalation via register_action Function
The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action function in versions 0.1 to 0.1.1. The plugin’s registration handler reads the client-supplied $_POST['user_role'] and passes it directly to wp_insert_user() without...
WordPress plugin Job Listings authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...
Design/Logic Flaw
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter ...
CVE-2016-6266
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter ...
CVE-2013-4954
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2...
CVE-2010-4402
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameter...
SQL injection
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033...
PT-2010-5323 · Deluxebb · Deluxebb
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-103...
Code injection
Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php...
CVE-2007-5062
account.php in Adam Scheinberg Flip 3.0 and earlier allows remote attackers to create administrative accounts via the un parameter in a register action...
Authentication flaw
account.php in Adam Scheinberg Flip 3.0 and earlier allows remote attackers to create administrative accounts via the un parameter in a register action...
Directory traversal
Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter in a register action...
CVE-2007-3272
CVE-2007-3272 affects MiniBB 2.0.5. The vulnerability is a directory traversal in index.php where an attacker can read arbitrary files by manipulating the language parameter in a register action (via ..). Documents do not provide exploitation steps, affected versions beyond 2.0.5, or explicit rem...
CVE-2006-6230
SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962...