CVE-2010-5026
SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-5031
Cross-site scripting (XSS) vulnerability in index.php in fileNice 1.1 allows remote attackers to inject arbitrary web script or HTML via the sstring parameter (aka the Search Box). NOTE: some of these details are obtained from third party information...
CVE-2010-5027
Cross-site scripting (XSS) vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: some of these details are obtained from third party information...
SQL injection
SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these details are obtained from third party information...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in fileNice 1.1 allows remote attackers to inject arbitrary web script or HTML via the sstring parameter (aka the Search Box). NOTE: some of these details are obtained from third party information...
CVE-2010-5026
The vulnerability described across sources is a SQL injection in the Science Fair In A Box (SFIAB) project, specifically in winners.php for versions 2.0.6 and 2.2.0. The root cause is unsanitized input in the type parameter, enabling remote attackers to execute arbitrary SQL commands. ...
CVE-2010-5027
The CVE-2010-5027 entry concerns a Cross-site scripting (XSS) vulnerability in the winners.php component of Science Fair In A Box (SFIAB) versions 2.0.6 and 2.2.0. The attack vector involves the type parameter, allowing remote attackers to inject arbitrary web script or HTML. Affected product: Sc...
CVE-2010-5031
CVE-2010-5031 is a cross-site scripting (XSS) vulnerability in fileNice 1.1, affecting index.php via the sstring parameter (Search Box). Concrete details found: the vulnerability is XSS with arbitrary script/HTML injection possible through sstring. Affected component is fileNice 1.1 (index.php). ...
CVE-2010-4985
Cross-site scripting (XSS) vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to inject arbitrary web script or HTML via vectors involving the "Enter Reference Number Below" text box...
CVE-2010-4984
SQL injection vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to execute arbitrary SQL commands via vectors involving the "Enter Reference Number Below" text box...
Cross site scripting
Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information...
CVE-2010-4976
The CVE-2010-4976 issue affects MetInfo 3.0, specifically the search/search.php handler. The vulnerability arises in the searchword parameter (the Search Box field), enabling remote attackers to inject arbitrary web script or HTML (classic XSS). The description notes that details are from third-p...
Facebook My Phrase Box SQL Injection
Title: Facebook My Phrase Box - SQL Injection Vulnerability. Date: 2011-10-16. VL-ID: 288. Introduction: The application is currently included and viewable by all Facebook users. The service is an external 3rd party application sponsored by the My Phrase Box. Copy fr...
The use of the overflow extension to SQL injection-vulnerability warning-the black bar safety net
Transfer from: spring brother. Looking at the Hack in the Box magazine, see an article on the combination of overflow way to expand the SQL injection attack tactics article, so in the blog mark, a record. I had previously mentioned in conjunction with overflow to XSS the method and the idea is somewhat...
WordPress ThemeCity Cross Site Scripting
Exploit Title: WP ThemeCity XSS Date: 21.10.2011 - 19.05 Author: Mr.PaPaRoSSe Tested On: BackTrack 5 - Windows xp sp3 Platform: Php Demo : http://www.steveledwards.com/ Search Box "alert"DDz Mr.PaPaRoSSe"...
Dominant Creature BBG/RPG Browser Game - Persistent Cross-Site Scripting
Dominant Creature BBG/RPG browser game XSS vulnerabilities. Exploit Title: Dominant Creature BBG/RPG browser game XSS...
HITB Quartal Magazine - eZine Issue 007
Document Title: HITB Quartal Magazine - eZine Issue 007. References: Original: https://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-007.pdf Article: https://magazine.hitb.org/ Mirror: https://www.vulnerability-lab.com/resources/documents/297.pdf Article:...