635 matches found
CVE-2010-0726
Cross-site scripting XSS vulnerability in the tb-send.rb TrackBack transmission plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the 1 plugintburl and 2 plugintbexcerpt parameters...
JVN#73331060 tDiary plugin tb-send.rb vulnerable to cross-site scripting
tDiary is a weblog software. tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on some web browsers. Solution Update the Software Update according to the information provided by the developer. Products Affected tDiary 2.2.2full set...
apache 2.2.2 信息泄漏漏洞
No description provided by source...
LightNEasy < 2.2.1 / 2.2.2 XSS Vulnerability
LightNEasy is prone to a cross-site scripting XSS vulnerability. Copyright C 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
CVE-2009-0530
Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the 1 SESSIONSCRIPTPATH parameter to includes/vars.inc.php and the 2 gpcltarlibdir parameter to...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the 1 SESSIONSCRIPTPATH parameter to includes/vars.inc.php and the 2 gpcltarlibdir parameter to...
CVE-2009-0530
Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the 1 SESSIONSCRIPTPATH parameter to includes/vars.inc.php and the 2 gpcltarlibdir parameter to...
CVE-2008-5770
Cross-site scripting XSS vulnerability in config/makeconfig.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...
Cross site scripting
Cross-site scripting XSS vulnerability in config/makeconfig.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...
PHP Weather 2.2.2 LFI / XSS
Lfi/xss script: phpweather-2.2.2 download from:http://downloads.sourceforge.net/phpweather/phpweather-2.2.2.zip?modtime=1087430400&bigmirror=0 vul: /test.php line 48: requirePHPWEATHERBASEDIR . "/output/pwtext$language.php"; xpl: www.site.com/path/test.php?metar=&language=Lfi%00...
PHP Weather 2.2.2 (LFI/XSS) Multiple Remote Vulnerabilities
No description provided by source. Lfi/xss script: phpweather-2.2.2 download from:http://downloads.sourceforge.net/phpweather/phpweather-2.2.2.zip?modtime=1087430400&bigmirror=0 vul: /test.php line 48: requirePHPWEATHERBASEDIR . "/output/pwtext$language.php"; xpl:...
PHP Weather 2.2.2 (LFI/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications =========================================================== PHP Weather 2.2.2 LFI/XSS Multiple Remote Vulnerabilities =========================================================== Lfi/xss script: phpweather-2.2.2 download...
PHP weather 2.2.2 - Local File Inclusion Cross-Site Scripting
PHP weather 2.2.2 - Local File Inclusion Cross-Site Scripting Lfi/xss script: phpweather-2.2.2 download from:http://downloads.sourceforge.net/phpweather/phpweather-2.2.2.zip?modtime=1087430400&bigmirror=0 vul: /test.php line 48: requirePHPWEATHERBASEDIR . "/output/pwtext$language.php"; xpl:...
PHP weather 2.2.2 - Local File Inclusion / Cross-Site Scripting
Lfi/xss script: phpweather-2.2.2 download from:http://downloads.sourceforge.net/phpweather/phpweather-2.2.2.zip?modtime=1087430400&bigmirror=0 vul: /test.php line 48: requirePHPWEATHERBASEDIR . "/output/pwtext$language.php"; xpl: www.site.com/path/test.php?metar=&language=Lfi%00...
Invision Power Board 'name'参数SQL注入漏洞
BUGTRAQ ID: 31288 CNCAN ID:CNCAN-2008092307 Invision Power Board是一款基于PHP的论坛程序。 Invision Power Board不正确处理用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息或可操作数据库。 问题是脚本对'name'参数缺少过滤,构建恶意的SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 Invision Power Services Invision Power Board 2.3.5 Invision Power Services Invision Power Boa...
AuraCMS <= 2.2.2 (pages_data.php) Arbitrary Edit/Add/Delete Exploit
No description provided by source. !/usr/bin/perl k1tk4t Public Security Advisory //////////////////////////////////////////////////////////// AuraCMS = 2.2.2 pagesdata.php Arbitrary Edit/Add/Delete data halaman exploit Vendor : http://www.auracms.org/ Kutu : ./js/pages/pagesdata.php Keterangan :...
Fedora 7 : wordpress-2.3.3-0.fc7 (2008-1512)
Fri Feb 8 2008 John Berninger - 2.3.3-0 - update to 2.3.3 for security fixes - BZ 431547 - Sun Dec 30 2007 Adrian Reber - 2.3.2-1 - updated to 2.3.2 bz 426431, Draft Information Disclosure - Tue Oct 30 2007 Adrian Reber - 2.3.1-1 - updated to 2.3.1 bz 357731, wordpress XSS issue - Mon Oct 15 2007...
Debian Security Advisory DSA 238-1 (kdepim)
The remote host is missing an update to kdepim announced via advisory DSA 238-1. OpenVAS Vulnerability Test $Id: deb2381.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 238-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
AutoIndex PHP Script 2.2.2/2.2.3 - 'index.php' Denial of Service
source: https://www.securityfocus.com/bid/26410/info AutoIndex PHP Script is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected input. Successfully exploiting this issue allows remote attackers to consume excessive CPU resources,...
CVE-2007-3639
WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via 1 the wphttpreferer parameter to wp-pass.php, related to the wpgetreferer function in wp-includes/functions.php; and possibly other vectors related to 2...