17 matches found
EUVD-2009-0679
Malware in sbrugna...
CVE-2025-9237
A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/myaccount.php?editaccount of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. It is possible to initiate the...
CVE-2025-9237
CodeAstro Ecommerce Website 1.0 is affected by a cross-site scripting (XSS) issue in the Edit Your Account Page, specifically via manipulation of the Username parameter in /customer/my_account.php?edit_account. The vulnerability originates from an unknown function in that page; exploitation can b...
PT-2009-5812 · Cmsphp · Cmsphp
Name of the Vulnerable Software and Affected Versions: CMSphp version 0.21 Description: A cross-site request forgery CSRF issue exists in the Your account module, allowing remote attackers to hijack administrator authentication for requests that change an administrator's password. This is achieve...
CVE-2009-0679
Cross-site scripting XSS vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Code injection
avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the pregreplace function with the eval switch, ...
Cross site scripting
Cross-site scripting XSS vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-0677
avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the pregreplace function with the eval switch, ...
CVE-2009-0677
avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the pregreplace function with the eval switch, ...
RavenNuke 2.3.0 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications =============================================== RavenNuke 2.3.0 Multiple Remote Vulnerabilities =============================================== waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0...
RavenNuke 2.3.0 Multiple Remote Vulnerabilities
No description provided by source. waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 16. February 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-72.htm...
sellownhouse-sql.txt
SellOwnHouse login SQL Injection AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DORK 1 : "2008 SellOwnHouse" DORK 2 : "2007 SellOwnHouse" EXPLOIT : Username: anything' OR 'x'='x Password: anything' OR 'x'='x later attacker can see real admin name and pass in Edit Your Account S@BUN...
dokuwiki -- multiple vulnerabilities
Multiple vulnerabilities have been reported within dokuwiki. dokuwiki is proven vulnerable to: arbitrary PHP code insertion via spellcheck module, XSS attack via "Update your account profile," bypassing of ACL controls when enabled...
CVE-2005-3304
Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via 1 the username parameter in the Your Account page, 2 the url parameter in the Downloads module, and 3 the description parameter in the WebLinks module...
PhpNuke 7.8 with all security fixes/patches "Your_Account", "Downloads", "Web Links" SQL Injection / Remote commans execution
PHPNuke 7.8 with all security fixes/patches "Downloads", "WebLinks" & "YourAccount" SQL INjection - remote commands execution poc exploit there are a lot of unsanitized vars in every module, as I can see, so if magicquotesgpc is Off - SQL INJECTION 1 you can go to "Your Account" and submit a...
PHP-Nuke 7.8 - SQL Injection / Remote Command Execution
?php 20.05 23/10/2005 ---phpnuke78xpl.php PHPNuke 7.8 with all security fixes/patches "Downloads","WebLinks" & "YourAccount" modules SQL Injection / remote commands execution exploit yet not tested 7.9, but OK... by rgod site: http://rgod.altervista.org make these changes in php.ini if you have...
phpnuke60.txt
Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.phpnuke.org Versions : 6.0 & 6.5? Modules : MembersList, YourAccount Problem : SQL Injection PHP Configuration : This will work if magicquotesgpc=OFF. PHP Code/Location : °°°°°°°°°°°°°°°°°°° /modules/MembersList/index.php :...