21 matches found
EUVD-2021-2335
Malware in sbrugna...
CVE-2025-29369
Code-Projects Matrimonial Site V1.0 is vulnerable to SQL Injection in /viewprofile.php?id=1...
PT-2025-14702 · Unknown · Code-Projects Matrimonial Site
Name of the Vulnerable Software and Affected Versions: Code-Projects Matrimonial Site version V1.0
Description: The issue concerns SQL Injection. It affects the /viewprofile.php API endpoint, specifically the id variable. There is no information provided about the estimated number of potentially...
CVE-2023-46800
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the viewprofile.php resource does not validate the characters received and they are sent unfiltered to the database...
Improper privilege management in Keycloak
A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission...
PT-2020-13991 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 12.0.0
Description: A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access...
keycloak: user can manage resources with just "view-profile" role using new Account Console
A flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission...
Muslim Matrimonial Script SQL Injection Vulnerability
Muslim Matrimonial Script is a community matrimonial script for matrimonial websites by PHP Scripts Mall. PHP Scripts Mall Muslim Matrimonial Script has a SQL injection vulnerability. The vulnerability can be exploited to conduct SQL injection attacks via the view-profile.php memid parameter...
CVE-2017-17983
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php memid parameter...
Simple Chatting System Arbitrary File Upload Vulnerability
Simple Chatting System is a PHP-based online chatting application. An arbitrary file upload vulnerability exists in Simple Chatting System version 1.0. The vulnerability can be exploited to upload arbitrary files via the view/myprofile.php file...
FS Shaadi Clone SQL Injection
Exploit Title: FS Shaadi Clone - SQL Injection
Date: 2017-12-05
Exploit Author: DanAdeg
Vendor Homepage: https://fortunescripts.com/
Software Link: https://fortunescripts.com/product/shaadi-clone/
Version: 2017-12-05
Tested on: Kali Linux 2.0
PoC: SQL Injection on GET parameter = token...
CVE-2017-12284
A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and validation-checking mechanism...
Email address is not validated when updating user profile
On the view profile page /secure/ViewProfile.jspa it's possible to update your user profile /secure/EditProfile!default.jspa?username=admin to an invalid email address. See attached screenshots...
PD9 Software MegaBBS 2.0/2.1 view-profile.asp Multiple Parameter SQL Injection
No description provided by source.
Source: http://www.securityfocus.com/bid/11253/info
MegaBBS is reported prone to multiple vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out HTTP response splitting and SQL injection...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quicksearch.php and (2) viewprofile.php...