660 matches found
publically available usernames are a security risk
The login username of users is revealed all over the place in URLs that link to user profile, or user's list of assigned open bugs etc. This seems to be a big security risk, because you have given away half of the user identification to strangers. Anybody can look up a user in the issue tracker a...
CVE-2006-3971
Cross-site scripting XSS vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to inject arbitrary web script or HTML via the userid parameter...
CVE-2006-3239
SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter...
CVE-2006-3239
SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter...
Scout Portal Toolkit 1.4.0 - forumid SQL Injection
Scout Portal Toolkit 1.4.0 - forumid SQL Injection !/usr/bin/perl =============================================================== Scout Portal Toolkit 1.4.0 Remote SQL injection Exploit Coded By Simo64 Moroccan Security Research Team Specials thx to :Greetz : CiM-Team - CrAsHoVeRrIdE - dabdoub -...
CVE-2006-3218
SQL injection vulnerability in profile.php in Woltlab Burning Board WBB 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter...
Sql injection
SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter...
CVE-2006-2486
SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter...
CVE-2006-2486
SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter...
CVE-2006-2067
SQL injection vulnerability in vbboardfunctions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter...
CVE-2006-1917
SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter...
Sql injection
SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter...
CVE-2006-1917
SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter...
CVE-2006-1661
Multiple cross-site scripting XSS vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 areaID parameter in area.View.action, 2 time parameter in planning.View.action, and 3 userID parameter in user.View.action...
WebGUI < 6.7.6 arbitrary command execution
The remote web server contains a CGI script that is prone to arbitrary code execution. Description : The remote host is running WebGUI, a content management system from Plain Black Software. The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the OpenVAS...
Mini-Nuke<=1.8.2 SQL injection (6)
//mini-nuke board turk have many sql injection founded by Moroccan Security Team //Creetz to: Moroccan Security Team Dr.E-vil,Dr.Erase,H0550N,|ucifer,DaBDouB-MoSiKaR OverclockiX,ki11er ,Dranzelz,Esp!onLeRaVaGe,ameer,www.lezr.com and all muslim morocco 1...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to 1 comment.php or 2 contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...
CVE-2006-1133
Multiple cross-site scripting XSS vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to 1 comment.php or 2 contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...
CVE-2006-1133
Multiple cross-site scripting XSS vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to 1 comment.php or 2 contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...
phpRPC Library rpc_decoder.php decode() Function Arbitrary Code Execution
The remote host has installed on it the phpRPC library, an xmlrpc library written in PHP and bundled with applications such as RunCMS and exoops. The version of phpRPC on the remote host fails to sanitize user input to the 'server.php' script before using it in an 'eval' function, which may allow...