3838 matches found
Wheatblog [multiple xss (post) & full path disclosure]
vendor site: http://wheatblog.sourceforge.net/ product: Wheatblog bug: multiple xss post & full path disclosure risk: medium xss post: /addcomment.php vulnerable fields: - Name - WWW - Comment impact: an attacker can steal the cookie of every person who views the comments. full pat...
CVE-2006-5624
Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. NOTE: the provenance of this information is unknown; the details are...
CVE-2006-5624
CVE-2006-5624 affects Multi-Page Comment System (MPCS) 1.0.0 and earlier. Multiple PHP remote file inclusion vulnerabilities allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. Root cause: unvalidated path parameter enablin...
MPCS <= 1.0 (path) Remote File Include Vulnerabilities
No description provided by source. Multi-Page Comment System RFI. Info: Scripts: Multi-Page Comment System MPCS. Home: http://tpvgames.co.uk/web/mpcs/ Download:...
MPCS 1.0 - 'path' Remote File Inclusion
Multi-Page Comment System RFI. Info: Scripts: Multi-Page Comment System MPCS. Home: http://tpvgames.co.uk/web/mpcs/ Download:...
MPCS <= 1.0 (path) Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications. MPCS <= 1.0 (path) Remote File Include Vulnerabilities. Multi-Page...
Comment IT 0.2 - 'PathToComment' Remote File Inclusion
source: https://www.securityfocus.com/bid/20739/info Comment IT is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also...
OpenDock FullCore 4.4 - Remote File Inclusion
OpenDock FullCore = v4.4 Remote File Include Vulnerabilities. Author: Matdhule Contact: [email protected] Application: OpenDock...
Exhibit Engine <= 1.5 RC 4 (photo_comment.php) File Include Exploit
Exploit for unknown platform in category web applications. Exhibit Engine <= 1.5 RC 4 (photo_comment.php) File Include Exploit. EXPLOIT coded by Kacper in Visual...
CVE-2006-5160
Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox...
OZJournal15.txt
OZJournal v1.5 Homepage: http://ozjournals.awardspace.com/index.php Affected files: search input box index.php viewing archives show comment page. XSS vulnerability via search input box: Data isn't properly sanitized before being displayed. For a PoC in the...
CVE-2006-4106
Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title...
CVE-2006-4106
The CVE-2006-4106 entry documents a Cross-site Scripting (XSS) vulnerability in blursoft blur6ex 0.3, exploitable by remote attackers to inject arbitrary web script or HTML via a comment title. The affected component is the blur6ex 0.3 product; the root cause is improper sanitization of the comme...
CVE-2006-4091
Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section...
CVE-2006-4090
CVE-2006-4090 describes a cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2. The issue arises in the comment posting flow, likely involving the nickname parameter in previewcomment.php and the From: part of the comment post, allowing remote attackers to inject arbitrary web scrip...
CVE-2006-4088
Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject, (2) Comment, and (3) Add new comment sections...
CVE-2006-4090
Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post," probably involving the nickname parameter to previewcomment.php...
CVE-2006-4069
Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) m and (2) c parameters in index.php, (3) a search action, and (4) a "submit comment" action...