14 matches found
EUVD-2025-204796
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'registerform' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2025-14000 Membership Plugin – Restrict Content <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'registerform' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes...
PT-2024-23230 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.13 Description: The issue allows authenticated attackers with author-level access and above to inject a PHP Object via deserialization of untrusted inp...
Tennessee Valley Authority: internal path disclosure via register error
Vulnerability description not provided...
Ether MP3 CD Burner 1.3.8 Buffer Overflow
Exploit Title: EtherMP3CDBurner 1.3.8 - Buffer Overflow SEH Date: 24.09.2021 Software Link: https://mp3-avi-mpeg-wmv-rm-to-audio-cd-burner.software.informer.com/download/?caa8ec-1.2 Software Link 2: https://anonfiles.com/X2Ff36J6ue/ethercdburnerexe Exploit Author: Achilles Tested Version: 1.3.8...
Drupal < 7.58 - Drupalgeddon3 Authenticated Remote Code Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon3', 'Description' = %q CVE-2018-7602 / SA-CORE-2018-004 A remote code execution...
ukcampsite.co.uk XSS vulnerability
Vulnerable URL: http://www.ukcampsite.co.uk/chatter/registerform.asp?rp=999%22%3E%3Cscript%3Ealert%27XSSPOSED%27%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 62590...
vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications Title: vBulletin Verify Email Before Registration Plugin - SQL Injection Date: September 19 2014 Version: Any vBulletin 4.. version which has the plugin installed. Plugin: http://www.vbulletin.org/forum/showthread.php?t=294164 Author: Dave FW/...
Clockingit.com Cross Site Scripting
Affected software: clockingit.com Type of vulnerability: persistent xss URL: clockingit.com Discovered by: Provensec Website: http://www.provensec.com Description: peristet xss issue Proof of concept victim can be exploited by just sending the link to the victim To execute this vector goto regist...
GNUBoard 4.31.04 (09.01.30) Multiple Local/Remote Vulnerabilities
No description provided by source. GNUBoard V4.31.04 09.01.30 Multiple Local/Remote Vulnerability bY [email protected] / SIR GNUBoard VERSION 4.31.04 09.01.30is a widely used bulletin board system of Korea. It is freely available for all platforms that supports PHP and MySQL. But we find a file...
Digital Scribe 1.5 (register_form()) Multiple POST XSS Vulnerabilities
No description provided by source. !-- Digital Scribe 1.5 registerform Multiple POST XSS Vulnerabilities Vendor: Digital Scribe Product web page: http://www.digital-scribe.org Affected version: 1.5 Summary: The Digital Scribe is a free, intuitive system designed to help teachers put student work...
Digital Scribe 1.5 Cross Site Scripting
25: 26: 27: Title:" SIZE=4 Mr., Mrs., etc 28: 29: Last Name:" 30: Password: 31: 32: Password Again: 33: 34: E-Mail:INPUT TYPE=TEXT NAME=e...
CVE-2006-1112
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message...
Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS
Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS ======================================================================== Software: Affiliate Network Pro v7.2 Severity: SQL Injections, Arbitrary code execution, XSS Risk: High Author: Robin Verton [email protected] Date:...