24 matches found
EUVD-2011-5038
Malware in sbrugna...
CVE-2019-16059
Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page...
CVE-2017-15971
Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php senderid parameter, or the /admin Email field, a related issue to CVE-2017-15972...
SoftDatepro Dating Social Network 1.3 SQL Injection Vulnerability
SoftDatepro Dating Social Network version 1.3 suffers from a remote SQL injection vulnerability. Exploit Title: SoftDatepro Dating Social Network 1.3 - SQL Injection Dork: N/A Date: 29.09.2017 Vendor Homepage: http://www.softdatepro.com/ Software Link:...
Email address is not validated when updating user profile
On the view profile page /secure/ViewProfile.jspa it's possible to update your user profile /secure/EditProfile!default.jspa?username=admin to an invalid email address. See attached screenshots...
Gracenote CDDBControl ActiveX Control 'ViewProfile' Method Heap Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37834/info Gracenote CDDBControl is prone to a stack-based buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input. An attacker can exploit this issue to execute...
Gravity Board X 2.0 BETA (Public Release 3) - SQL Injection Vulnerability
No description provided by source. !/usr/bin/perl Exploit Title: Gravity Board X 2.0 BETA Public Release 3 SQL INJECTION Date: 26.02.2010 Author: Ctacok Software Link: http://www.gravityboardx.com/ Version: 2.0 BETA Public Release 3 Tested on: Windows SP 3 Code : exploit code use LWP::Simple; pri...
CVE-2011-5138
Cross-site scripting (XSS) vulnerability in member.php in tForum b0.915 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a viewprofile action...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2)...
Gravity Board X 2.0 Beta (Public Release 3) - SQL Injection
Gravity Board X 2.0 Beta Public Release 3 - SQL Injection !/usr/bin/perl Exploit Title: Gravity Board X 2.0 BETA Public Release 3 SQL INJECTION Date: 26.02.2010 Author: Ctacok Software Link: http://www.gravityboardx.com/ Version: 2.0 BETA Public Release 3 Tested on: Windows SP 3 Code : exploit co...
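Windows Live Messenger ViewProfile() Method Call Remote Overflow Vulnerability
BUGTRAQ ID: 37680 Windows Live Messenger is a very popular instant messaging chat tool. The msgsc.dll ActiveX control installed by MSN does not properly validate the parameters passed to the ViewProfile method; if a user is tricked into visiting a malicious web page that passes an overly long parameter to this method, a buffer overflow can be triggered, causing the msnmsgr.exe process to crash. Microsoft Windows Live Messenger 2009 Workaround: set the kill-bit for clsid B69003B3-C55E-4B48-836C-BC5946FC3B28. Vendor patch: Microsoft ---------...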
Windows Live Messenger 2009 ActiveX DoS Vulnerability
Exploit for unknown platform in category dos / poc. Windows Live Messenger 2009 ActiveX DoS Vulnerability. Product: Windows Live Messenger 2009 Build 14.0.8089.726 Vulnerability: ActiveX -...
Microsoft Windows Live Messenger DoS
Crash on ActiveX ViewProfile method...
Unfixed XSS vulnerability at www.earningswhispers.com
Security researcher Xylitol submitted on 10/01/2009 a cross-site scripting (XSS) vulnerability affecting www.earningswhispers.com, which at the time of submission ranked 208860 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 01/07/2009. It i...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using...
CVE-2008-6831
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using...
CVE-2009-1277
SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the memberid parameter in a viewprofile action. NOTE: the boardid issue is already covered by CVE-2008-2996.2...
SQL injection
SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the memberid parameter in a viewprofile action. NOTE: the boardid issue is already covered by CVE-2008-2996.2...
SQL injection
SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php...