256 matches found
Clever Copy 2.0 - 'categorysearch.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14395/info Clever Copy is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code...
Clever Copy 2.0 - Private Message Unauthorized Access
source: https://www.securityfocus.com/bid/14397/info Clever Copy is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation checks before granting access to private message functions. An attacker can exploit this...
CVE-2005-2324
Cross-site scripting XSS vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the searchtype or searchterm parameters to 1 results.php or 2 categorysearch.php...
CVE-2005-2323
Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the 1 id parameter to viewattach.php, 2 viewuserid parameter to users.php, or the 3 id or 4 forum parameter to viewforum.php...
CVE-2005-2323
Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the 1 id parameter to viewattach.php, 2 viewuserid parameter to users.php, or the 3 id or 4 forum parameter to viewforum.php...
CVE-2005-2322
Cross-site scripting XSS vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allows remote attackers to inject arbitrary web script or HTML via the 1 viewuserid or 2 group parameter to users.php...
CVE-2005-2325
Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to 1 ticker.php, 2 menu.php, 3 banned.php, 4 endlayout.php, 5 randomhlinesblock.php, 6 showlast.php, 7 showlast5class1.php, 8 showlast5phorum.php, 9 showlast5phorumblock.php, 10...
CVE-2005-2325
Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to 1 ticker.php, 2 menu.php, 3 banned.php, 4 endlayout.php, 5 randomhlinesblock.php, 6 showlast.php, 7 showlast5class1.php, 8 showlast5phorum.php, 9 showlast5phorumblock.php, 10...
CVE-2005-2326
Cross-site scripting XSS vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php...
CVE-2005-2326
CVE-2005-2326 is a Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a that allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php. The NVD entry provides a MEDIUM severity (CVSSv2 base score 4.3) with network access and no authenticat...
CVE-2005-2324
CVE-2005-2324 affects Clever Copy 2.0 and 2.0a. The vulnerability is a Cross-site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the searchtype or searchterm parameters to (1) results.php or (2) categorysearch.php. The cited sources confirm the vulner...
CVE-2005-2326
Cross-site scripting XSS vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php...
CVE-2005-2323
Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the following parameters: (1) id in viewattach.php, (2) viewuser_id in users.php, and (3) id or (4) forum in viewforum.php. Affecte...
Clever Copy 2.0 - calendar.php Cross-Site Scripting
Clever Copy 2.0 - calendar.php Cross-Site Scripting source: https://www.securityfocus.com/bid/14278/info A cross-site scripting vulnerability affects Clever Copy. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically...
cleverXSS.txt
Clever copy 'calendar.php' 'yr' variable cross site scripting vendor url:http://clevercopy.bestdirectbuy.com advisory:http://lostmon.blogspot.com/2005/07/ clever-copy-calendarphp-yr-variable.html vendor notify: yes exploit available:yes Clever Copy is a free, fully scalable web site portal and ne...
Clever Copy 2.0 - 'calendar.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14278/info A cross-site scripting vulnerability affects Clever Copy. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. An attacker may leverage this issue...