532 matches found
CVE-2005-2383
The CVE-2005-2383 entry concerns PHPNews 1.2.5, where auth.php accepts a user parameter via HTTP POST and fails to sanitize it, enabling SQL injection. Concrete details in connected docs show attackers could execute arbitrary SQL commands through the user parameter, with Nessus notes implying ris...
CVE-2001-1524
Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload paramete...
CVE-2005-1782
Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) addreview.htm, (2) suggestreview.htm, (3) suggestcategory.htm, (4) addbooklist.htm, or (5) addurl.htm, the isbn parameter to (6) addreview.htm, ...
CVE-2005-0629
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters...
miniBB < 1.7f index.php user Parameter SQL Injection
miniBB index.php user Parameter SQL Injection
The remote host is using the miniBB forum management system. According to its version number, this forum is vulnerable to a SQL injection attack. Input to the 'user' parameter of index.php is not properly sanitized. A remote attacker could exploit this to execute arbitrary SQL queries against the...
miniBB Input Validation Hole in 'user' Parameter
No description provided by source. Example: http://target/minibb/index.php?action=userinfo&user=1%20union%20select%201,2,userpassword%20from%20minibbusers/ milw0rm.com 2004-11-16...
IlohaMail user Parameter XSS
According to its banner, the remote web server is running IlohaMail version 0.8.10 or earlier. Such versions do not properly sanitize the 'user' parameter before using it to generate dynamic HTML output. An attacker may be able to leverage this to inject arbitrary HTML and script code into a user...
CVE-2004-1770
The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter...
CVE-2003-0980
CVE-2003-0980 is an XSS vulnerability in FreeScripts VisitorBook LE (visitorbook.pl). The issue permits remote attackers to inject arbitrary HTML or JavaScript via (1) the do parameter, (2) the user parameter from a host with a malicious reverse DNS name, and (3) quote marks or ampersands in othe...
Alt-N WebAdmin 2.0.x - USER Remote Buffer Overflow (2)
(Source: https://www.securityfocus.com/bid/8024/info) Alt-N WebAdmin is prone to a buffer overflow condition. This is due to insufficient bounds checking on the USER parameter. Successful exploitation could result in code execution with SYSTEM...
CVE-2001-1460
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter...