3838 matches found
OZJournal v1.5 - XSS
OZJournal v1.5 Homepage: http://ozjournals.awardspace.com/index.php Affected files: search input box index.php viewing archives show comment page ---------------------------------------- XSS vulnerability via search input box: Data isn't properly sanitized before being displayed. For a PoC in the...
GnuPG Parse_Comment Remote Buffer Overflow
Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message...
DEBIAN-CVE-2006-3746
Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message...
CVE-2006-3756
Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6)...
CVE-2006-3767
Cross-site scripting (XSS) vulnerability in showprofile.php in Darren's $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag with a non-existent source file in txtcomment parameter, which is used when...
CVE-2006-3767
The CVE-2006-3767 entry describes a Cross-site Scripting (XSS) vulnerability in Darren's osDate 1.1.7 and earlier (showprofile.php) that allows remote attackers to inject arbitrary script/HTML via the onerror attribute in an HTML IMG tag with a non-existent src, used when posting a comment (txtco...
CVE-2006-3173
Multiple PHP remote file inclusion vulnerabilities in ContentBuilder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathcb parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter to (c) modules/archive/overview.inc.php, and the (3)...
apnaspace.txt
Apnaspace.com A myspace type site for arab & indian teens Homepage: http://www.http://www.apnaspace.com Affected files: Comment input box: Posting a blog entry: - Entry title - Entry body Viewing a profile Posting a bulletin. Commenting on a picture Sending mail to someone...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book allows remote attackers to inject arbitrary web script or HTML via certain comment fields in the "Sign Our GuestBook" page, probably the x_Comments parameter to guestbookadd.asp...
CVE-2006-2837
Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book allows remote attackers to inject arbitrary web script or HTML via certain comment fields in the "Sign Our GuestBook" page, probably the x_Comments parameter to guestbookadd.asp...
CVE-2006-2837
CVE-2006-2837 describes a cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book. The flaw allows remote attackers to inject arbitrary web script or HTML through certain comment fields on the Sign Our GuestBook page, most likely the x_Comments parameter to guestbookadd.asp. The conn...
Cross site scripting
Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG element...
CVE-2006-2803
CVE-2006-2803 describes multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker 1.0. The affected component is the PHP ManualMaker application (version 1.0) with input vectors through the index.php id parameter, the search field (possibly the s parameter), or the comment field. The...
PHP ManualMaker v1.0
PHP ManualMaker v1.0 Homepage: http://deltascripts.com/phpmanualmaker/ Affected files: index.php Search boxes Comment boxes XSS proof of concept: Input in search or comment box: """'IMG SRC=javascript:alert&0000039XSS&0000039""'" XSS via URL injection of id:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an IMG tag in a comment field to (1) guestwrite.php or (2) guestbook.php...
Sql injection
SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters. NOTE: the provenance of this information is unknown; the details are...
CVE-2006-2564
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message...
CVE-2006-1824
Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter...