Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supadbpath parameter to (1) commonfunctions.php, (2) adminauthcookies.php, (3) adminmods.php, (4) adminnews.php, (5) admintopics.php, (6) adminusers.php, (7)...
postrev-rfi.txt
Post Revolution Remote File Inclusion. Affected software: Post Revolution 6.6 / 7.0 Release Candidate 2. Download: http://www.fabio.com.ar/postrev/ Risk: high. Date: 25/3/2007. Found by: InyeXion. Contact: InyeXionatgmail.com. Web:...
CVE-2007-1991
Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927...
Cross site scripting
Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment...
CVE-2007-1768
Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment...
CVE-2007-1768
CVE-2007-1768 affects Mephisto 0.7.3 and Mephisto Edge 20070325. Vulnerable component: app/helpers/application_helper.rb. Issue: cross-site scripting (XSS) via the author name field in a comment, enabling remote injection of arbitrary web script/HTML. Exploitation details are not provided in the...
中国防黑网 (www.fanghei.net) XSS vulnerabilities: security report
中国防黑网 (www.fanghei.net), a network security site, is the old home of www.zone-h.com.cn. So does it really not have even a small bug? Starting with cross-site scripting: 1. The search file, search.php, is vulnerable to cross-site scripting. Cross-site vulnerabilities in this kind of file are very common, the Black...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblogcomment.php and (2) detail.php...
CVE-2007-1433
Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblogcomment.php and (2) detail.php...
Grayscale Blog 0.8.0 (Security Bypass/SQL/XSS) Multiple Remote Vulns
No description provided by source. Security Advisory - Multiple Vulnerabilities in Grayscale Blog 0.8.0. Date: 2007-02-24. Product: Grayscale Blog. Version: 0.8.0 (prior versions may also be affected). Vendor: http://sourceforge.net/projects/gsblogger/ - http://www.karlcore.com/programming/blog/...
CVE-2007-1101
Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message "comment" or (2) name field, or the (3) q parameter in a search action in index.php...
CVE-2006-7023
Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item...
Drupal < 4.7.6 (post comments) Remote Command Execution Exploit v2
Exploit for unknown platform in category web applications.
Drupal < 5.1 (post comments) Remote Command Execution Exploit v2
No description provided by source. #!/usr/bin/perl $Id: milw0rmdrupalv5.pl,v 0.2 2007/02/15 13:40:29 str0ke Exp $ milw0rmdrupalv5.pl - Drupal 5.1 Remote Command Execution Exploit. Copyright (c) 2007 str0ke str0ke!milw0rm.com. Description: Previews on comments were not passed through normal...
Drupal < 5.1 (post comments) Remote Command Execution Exploit v2
Exploit for unknown platform in category web applications.
Cross site scripting
Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field...
CVE-2007-0763
Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field...