3838 matches found
CVE-2009-2131
Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted userhomepage parameter to member.php, and then posting a comment associated with a picture...
LightNEasy < 2.2.1 / 2.2.2 XSS Vulnerability
LightNEasy is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free...
4Images 1.7.7 - Filter Bypass HTML Injection / Cross-Site Scripting
=By: Qabandi =Email: iqaahotmail.fr From Kuwait, PEACE... =Vuln: 4images = 1.7.7 - filter bypass HTML injection/XSS =INFO: =BUY: =DORK: -=/:Conditions:=- ; Magic quotes...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 "no database" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemail (aka Email), and (3) commentmessage (aka Comment) parameters...
CVE-2009-1937
Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 "no database" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemail (aka Email), and (3) commentmessage (aka Comment) parameters...
CVE-2009-1937
LightNEasy is affected by an XSS vulnerability in its comment posting feature for versions 2.2.1 (no database/flat) and 2.2.2 SQLite. The issue allows remote attackers to inject arbitrary web script or HTML via the (1) commentname, (2) commentemail, and (3) commentmessage parameters. The public r...
Joomla Boy Scout Advancement 0.3 SQL Injection
MULTIPLE SQL INJECTION VULNERABILITIES -- Joomla Component 'Boy Scout Advancement'...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from thi...
CVE-2009-1614
Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from thi...
ProjectCMS 1.0b (index.php sn) Remote SQL Injection Vulnerability
No description provided by source. VIVA SPAIN!... WE WILL WIN THE WORLD CUP!... o.O PROUD TO BE SPANISH!...
DEBIAN-CVE-2009-1438
Integer overflow in the CSoundFile::ReadMed function (src/loadmed.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a...
VulnCheck KEV: CVE-2009-1438
Integer overflow in the CSoundFile::ReadMed function (src/loadmed.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form...
CVE-2009-1342
Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form...
CVE-2009-1342
The CVE-2009-1342 issue concerns the Drupal CCK comment reference module (6.x) prior to version 6.x-1.2. The vulnerability is a Cross-site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML through certain comment titles associated with a node edit form. No e...
RedHat Security Advisory RHSA-2009:0352
The remote host is missing updates announced in advisory RHSA-2009:0352. GStreamer is a streaming media framework based on graphs of filters which operate on media data. GStreamer Base Plug-ins is a collection of well-maintained base plug-ins. An integer overflow flaw which caused a heap-based...
SA-CONTRIB-2009-021 CCK comment reference - Cross site scripting
The CCK comment reference project lets administrators define node fields that are references to comments. When displaying a node edit form, the titles of candidate referenced comments are not properly filtered, allowing malicious users to inject arbitrary code on those pages. Such a cross site...