532 matches found

CVE
added 2005/07/26 4:0 a.m., 43 views

CVE-2005-2383

The CVE-2005-2383 entry concerns PHPNews 1.2.5, where auth.php accepts a user parameter via HTTP POST and fails to sanitize it, enabling SQL injection. Concrete details in connected docs show attackers could execute arbitrary SQL commands through the user parameter, with Nessus notes implying ris...

7.5 CVSS, 8.4 AI score, 0.01171 EPSS
Exploits 0, References 4, Affected Software 1
Cvelist
added 2005/07/14 4:0 a.m., 25 views

CVE-2001-1524

Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload paramete...

5.8 AI score, 0.02013 EPSS
Exploits 0, References 7
Cvelist
added 2005/05/31 4:0 a.m., 27 views

CVE-2005-1782

Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) addreview.htm, (2) suggestreview.htm, (3) suggestcategory.htm, (4) addbooklist.htm, or (5) addurl.htm, the isbn parameter to (6) addreview.htm, ...

5.8 AI score, 0.0513 EPSS
Exploits 1, References 12
Cvelist
added 2005/03/04 5:0 a.m., 23 views

CVE-2005-0629

Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters...

5.8 AI score, 0.02127 EPSS
Exploits 0, References 6
Tenable Nessus
added 2004/11/22 12:0 a.m., 16 views

miniBB < 1.7f index.php user Parameter SQL Injection

Binary data 2407.prm...

7.5 CVSS, 7.3 AI score, 0.0265 EPSS
Exploits 1, References 1
Tenable Nessus
added 2004/11/19 12:0 a.m., 18 views

miniBB index.php user Parameter SQL Injection

The remote host is using the miniBB forum management system. According to its version number, this forum is vulnerable to a SQL injection attack. Input to the 'user' parameter of index.php is not properly sanitized. A remote attacker could exploit this to execute arbitrary SQL queries against the...

7.5 CVSS, 6 AI score, 0.0265 EPSS
Exploits 1, References 1
seebug.org
added 2004/11/16 12:0 a.m., 18 views

miniBB Input Validation Hole in 'user' Parameter

No description provided by source. Example: http://target/minibb/index.php?action=userinfo&user=1%20union%20select%201,2,userpassword%20from%20minibbusers/ milw0rm.com 2004-11-16...

7.1 AI score
Exploits 0
Tenable Nessus
added 2004/09/02 12:0 a.m., 188 views

IlohaMail user Parameter XSS

According to its banner, the remote web server is running IlohaMail version 0.8.10 or earlier. Such versions do not properly sanitize the 'user' parameter before using it to generate dynamic HTML output. An attacker may be able to leverage this to inject arbitrary HTML and script code into a user...

5.8 AI score
Exploits 0, References 1
NVD
added 2004/03/11 5:0 a.m., 19 views

CVE-2004-1770

The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter...

10 CVSS, 7.8 AI score, 0.10222 EPSS
Exploits 1, References 5
CVE
added 2003/12/11 5:0 a.m., 42 views

CVE-2003-0980

CVE-2003-0980 is an XSS vulnerability in FreeScripts VisitorBook LE (visitorbook.pl). The issue permits remote attackers to inject arbitrary HTML or JavaScript via (1) the do parameter, (2) the user parameter from a host with a malicious reverse DNS name, and (3) quote marks or ampersands in othe...

4.3 CVSS, 6 AI score, 0.00938 EPSS
Exploits 0, References 2, Affected Software 1
exploitpack
added 2003/06/24 12:0 a.m., 17 views

Alt-N WebAdmin 2.0.x - USER Remote Buffer Overflow (2)

Alt-N WebAdmin 2.0.x - USER Remote Buffer Overflow (2) // source: https://www.securityfocus.com/bid/8024/info Alt-N WebAdmin is prone to a buffer overflow condition. This is due to insufficient bounds checking on the USER parameter. Successful exploitation could result in code execution with SYSTEM...

0.9 AI score
Exploits 0
NVD
added 2001/10/13 4:0 a.m., 12 views

CVE-2001-1460

SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter...

7.5 CVSS, 7.8 AI score, 0.03278 EPSS
Exploits 1, References 5