3845 matches found
sBlog_0.72_xss.txt
sBlog 0.7.2 == Multiple Cross-Site Scripting Vulnerability == Information of Software: Software: sBlog 0.7.2 Site: http://servous.se/ Description: sBlog is a simple and new PHP Blog. Is very very simple and it's use by newbie of PHP...
CVE-2006-1012
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment...
CVE-2006-1012
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment...
CVE-2006-0985
Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters...
DEBIAN-CVE-2006-0985
Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters...
guestbook06.txt
author.: l0om - www.excluded.org product: guestbox latest non-BETA 0.6 page: http://spring.realone.ch dork: "Login - Guestbox 0.6" inurl:guestbox.php someone asked me to check the guestbook named "guestbox" and that's the advisory based on my checks. 1.0 everyone can set admin comments to all...
Design/Logic Flaw
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter...
CVE-2006-0859
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter...
CVE-2006-0859
CVE-2006-0859 affects Michael Salzer Guestbox 0.6 and earlier versions up to 0.7/0.8 pre-release? It describes a vulnerability where remote attackers can post an admin comment to a guestbook entry via a modified form, possibly related to the nummer parameter. The connected sources corroborate the...
CVE-2006-0859
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter...
siteframe_5.0.2_xss.txt
Siteframe Beaumont 5.0.2 == User Comment Cross-Site Scripting Vulnerability Information of Software: Software: Siteframe Beaumont 5.0.1a Site: http://www.siteframe.org/ Description of software: Siteframe is a lightweight content-management system designed for the rapid deployment of community-bas...
[SA18924] PerlBLOG Multiple Vulnerabilities
TITLE: PerlBLOG Multiple Vulnerabilities SECUNIA ADVISORY ID: SA18924 VERIFY ADVISORY: http://secunia.com/advisories/18924/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: From remote SOFTWARE: PerlBLOG 1.x http://secunia.com/product/8128/ DESCRIPTION: Aliaksand...
Cross site scripting
Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field...
CVE-2006-0715
Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field...
[SA18711] MediaWiki Edit Comment Formatting Denial of Service
TITLE: MediaWiki Edit Comment Formatting Denial of Service SECUNIA ADVISORY ID: SA18711 VERIFY ADVISORY: http://secunia.com/advisories/18711/ CRITICAL: Less critical IMPACT: DoS WHERE: From remote SOFTWARE: MediaWiki 1.x http://secunia.com/product/2546/ DESCRIPTION: A vulnerability has been...
Cross site scripting
Cross-site scripting (XSS) vulnerability in MG2 (formerly known as Minigal) 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field in a comment associated with a picture...
CVE-2006-0493
Cross-site scripting (XSS) vulnerability in MG2 (formerly known as Minigal) 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field in a comment associated with a picture...
CVE-2006-0493
The CVE-2006-0493 entry describes a Cross-site Scripting (XSS) vulnerability in MG2 (formerly Minigal) version 0.5.1. The issue allows remote attackers to inject arbitrary web script or HTML via the Name field in a comment attached to a picture. The available sources confirm the affected software...
CVE-2006-0493
Cross-site scripting (XSS) vulnerability in MG2 (formerly known as Minigal) 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field in a comment associated with a picture...
XSS flaw in MG2 Image Gallery (v.0.5.1)
Users can inject XSS into the form field "Name", when adding a comment on a picture. This will lead to the execution of XSS code. Simple scripting like `<script>alert('hello')</script>`, and more advanced document.location, and document.cookie works. This has been tested on version 0.5.1. Other versions...